Cyber-Security


CPE Webcast: Data breach litigation post CCPA

2020-06-30T14:00:00+01:00 Provided by

The biggest impact on business post CCPA, and presumably subsequent state regulations, is the impact on data breaches.

Cyber-security

Bill proposes national cyber-security czar

2020-06-26T18:09:00+01:00

A bill with bipartisan Congressional support proposes to create a national cyber-security czar who would report directly to the president.

Cyber-security

Report slams ‘woefully lax’ cyber-security controls at CIA

2020-06-18T17:00:00+01:00

Cyber-security protections deployed for some of the nation’s most secret data were “woefully lax,” according to a 2017 intelligence brief that detailed shortcomings at the CIA following the agency’s 2016 data breach.

DigitalChecklist

Five cyber-security lessons from the pandemic

2020-06-16T14:27:00+01:00 By David Kessler, CW Guest Columnist

Verizon Public Sector Counsel David Kessler, winner of CW’s “Excellence in Compliance: Cyber-Security” award, offers five lessons garnered from the pandemic to assist companies with their cyber-security compliance.

Data breach

Report: Average data breach costs public companies $116M

2020-06-09T20:02:00+01:00

An Audit Analytics report on cyber-security breaches at public companies found the sensitivity of customer information stolen—along with length of time it took companies to report breaches—greatly affected the financial damage the breaches caused.

Coronavirus crime

Five ways to protect yourself from coronavirus cyber-attacks

2020-05-26T17:28:00+01:00 By Holly Thomas-Wrightson, International Compliance Association

Cyber-criminals are making attempts to test the cyber-security of those working from home during the coronavirus pandemic. Here are ways to help defend yourself and your business from these potential threats.

CPE Webcast: Calculating COVID-19 third-party privacy risks

2020-05-26T14:00:00+01:00 Provided by

COVID-19 has completely changed the way organizations do business, both internally and externally. The influx of sensitive data being collected makes proactively identifying and managing privacy risk a big challenge.

Coronavirus has made CW2020 a (virtual) gathering like no other

2020-05-15T14:58:00+01:00

The coronavirus pandemic has made getting together for our annual National Conference impossible, but it’s also made this virtual gathering (Monday and Tuesday) perhaps the most important one we’ve ever had.

Rosenstein

Rewriting the cyber-compliance playbook

2020-05-11T13:41:00+01:00 By Rod Rosenstein & Sumon Dantiki, CW Guest Columnists

Former U.S. deputy attorney general Rod Rosenstein provides some best practices companies can employ in their fight against a new era of cyber-crime.

bitcoin laundering

Cyber-criminals have supply chains, too

2020-05-06T20:02:00+01:00

All cyber-attacks leave a trail. These trails can be complex, of course, but the criminals cannot avoid them. Thus, they leave a supply chain of intelligence and data.

breach

Current cyber-environment calls for proactive approach

2020-04-30T15:26:00+01:00

The conventional wisdom on cyber-security is to play defense and respond quickly to breaches. But these are not normal times, and proper cyber-hygiene is more important than ever.

ICA, ICTTF partner on new cyber-risk offering

2020-04-29T15:44:00+01:00 By GRC Announcements

The International Compliance Association announced it has partnered with the International Cyber Threat Task Force to offer a new program in cyber-risk management.

First round of finalists named for Excellence in Compliance Awards

2020-04-06T13:39:00+01:00

Compliance Week has pared down its list of more than 300 nominees for its first annual Excellence in Compliance Awards and is pleased to announce the finalists for nine of the 15 categories.

Videoconference

Lessons from Zoom: Coronavirus exposes videoconference risks

2020-04-03T17:04:00+01:00

Stay-at-home orders during the coronavirus pandemic have led to explosions of use for popular videoconferencing platforms, some of which have struggled to adjust to new privacy concerns.

Marriott

Latest Marriott breach exposes 5.2M guests

2020-03-31T19:51:00+01:00

Marriott International says a breach may have compromised the personal data of 5.2 million customers, the second significant data breach for the hotel chain since 2018.

Houseparty

App offers $1M bounty for proof of alleged hacking smear campaign

2020-03-31T18:44:00+01:00

Popular face-to-face social networking app Houseparty is on the defensive amid claims of a data breach, offering a $1 million bounty for proof in what it believes may be a “paid commercial smear campaign.”

EyeOnDataPrivacy

CCPA, SHIELD Act to take back seat during coronavirus pandemic?

2020-03-24T18:26:00+00:00

With state attorneys general now fixated on “stay at home” directives amid the coronavirus pandemic, oversight of data privacy regulation may dip. But consumers—and the plaintiffs’ bar—are still watching.

Italy flag

Analysis: Cyber-attacks spike in Italy linked to coronavirus

2020-03-18T15:03:00+00:00

Italy, a region in quarantine, is experiencing a spike in attempted cyber-attacks to capture the login credentials of employees working remotely. But not all the attacks have been successful, and that’s where the lessons lie.

Hackers

5 tips to immunize yourself against coronavirus-emboldened hackers

2020-03-17T20:16:00+00:00

In this time of fear and uncertainty, it’s more critical than ever to practice good cyber-security hygiene (just think of it as the technical version of proper handwashing).

Work from home

Employees working from home to avoid coronavirus? Protect your data

2020-03-12T19:54:00+00:00

With the coronavirus threat having moved on from disrupting your business’s supply chain to threatening your employees’ health at home, now is the time to implement that company-wide remote workplace plan.

Webcast: Regulatory update for financial services

2020-03-12T15:47:00+00:00 Provided by

FINRA’s Exam Priorities, Regulation BI, and the SEC’s Cybersecurity Guidance

PhoneHack

T-Mobile data breach: A cautionary tale for all companies

2020-03-06T19:11:00+00:00

For the second time in a matter of four months, T-Mobile announced it has suffered a data breach. Cyber-security experts say it’s a cautionary tale about the vulnerabilities of e-mail accounts that are not properly secured.

Virgin Media

Virgin Media could face GDPR pressure after data breach

2020-03-06T17:54:00+00:00

Virgin Media is likely to be in the GDPR crosshairs after disclosing a recent breach that affected approximately 900,000 customers to the U.K.’s data regulator.

Cathay Pacific

U.K.’s ICO fines Cathay Pacific for pre-GDPR breach

2020-03-04T18:37:00+00:00

The U.K. Information Commissioner’s Office has fined airline Cathay Pacific £500,000 (U.S. $643,000) for failing to protect the personal data of millions of customers.

Facial recognition

Controversial facial image aggregator Clearview AI reveals breach

2020-02-27T20:03:00+00:00

A company with a huge database of facial images informed its law enforcement customers this week that it suffered a data breach.

White paper: Achieving Compliance with TPRM Regulatory and Framework Requirements

2020-02-25T05:37:00+00:00 Provided by

Measuring compliance against third-party risk management requirements is complex and time consuming; and with growing numbers of data breaches originating with third parties and all the regulatory activity that comes as a result, it never lets up.

MGM Resorts

Reports: Bieber, Twitter’s Dorsey among 10.6M affected by MGM Resorts hack

2020-02-20T18:03:00+00:00

Pop star Justin Bieber and Twitter CEO Jack Dorsey were among 10.6 million MGM Resorts guests to have their personal information exposed in a data breach last year, according to multiple reports.

Crypto

Treasury Secretary sets goal for cryptocurrency regulation

2020-02-13T16:54:00+00:00

Taking into account the Trump administration’s trade concerns involving cryptocurrencies, the Treasury Department has announced it will roll out new regulations later this year.

CCPA

More than minor changes? Assessing the latest CCPA updates

2020-02-13T16:53:00+00:00

The business community was already rushing to comply with the CCPA’s Jan. 1 effective date. But does this latest change ease the way to compliance or just raise more questions?

Chinese hackers

Equifax indictment and the making of a Chinese cyber-attack

2020-02-10T19:21:00+00:00

The DOJ announced four members of the Chinese military have been indicted on charges of hacking into the computer systems of Equifax, ultimately resulting in the largest-ever breach of consumer data. From an ERM standpoint, the indictment offers an inside look at the making of a Chinese cyber-attack.

NIST

NIST seeks comment on ransomware, cyber-attack guidance

2020-02-07T17:07:00+00:00

The National Institute of Standards and Technology is seeking input on a trio of draft guidance published in the past week. Two of the drafts address ransomware attacks, and the third addresses protecting against cyber-attacks in the supply chain.

CCPAUpdate

10 things you need to know about CCPA compliance

2020-02-04T21:37:00+00:00

As the CCPA enforcement deadline arrives, here are some boxes you’ll need to make sure your company has checked.

First four ‘Excellence in Compliance Awards’ finalists revealed

2020-02-04T17:19:00+00:00

Compliance Week is proud to announce its first four finalists for the “Excellence in Compliance Awards,” a newly formed program that recognizes individual achievement in one of 13 categories relating to risk and compliance.

Germany privacy

Germany’s dual approach to data regulation under the GDPR

2020-02-03T18:22:00+00:00

Germany is staying ahead of the game with an advanced crackdown on data privacy and competition law violations.

Avast

Avast dissolves analytics arm following privacy scandal

2020-01-31T22:33:00+00:00

Avast maintains it always acted “fully within legal bounds,” but the British cyber-security company terminated the provision of data to its analytics arm, Jumpshot, after being accused of putting users’ privacy at risk.

Facebook

Facebook reveals $550M settlement for Illinois privacy lawsuit

2020-01-30T20:10:00+00:00

Facebook has reached a $550 million settlement in principle in connection with a class-action lawsuit it faced in Illinois over violations of a state biometric law.

Cyber-security

SEC, NSA issue new cyber-security guidance

2020-01-29T19:50:00+00:00

Two new guidance documents, one from the SEC’s Office of Compliance Inspections and Examinations and another from the National Security Agency, aim to help companies improve their cyber-security efforts, including managing vulnerabilities in the cloud.

Microsoft

Microsoft data leak points to industry-wide security vulnerabilities

2020-01-24T15:41:00+00:00

Microsoft made headlines when it was discovered that nearly 250 million customer service and support records were exposed on the Web through several unsecured cloud servers. But that’s only a glimpse into wider cloud-security weaknesses throughout the industry.

Cyber locks

Proposed bill seeks to help non-federal entities improve cyber-security

2020-01-21T21:48:00+00:00

A new bill proposed by Congress would install a federal “cyber-security state coordinator” in each state to facilitate non-federal entities’ access to technical know-how, training, communications, and other resources for improved cyber-security.

Data money

Lawmakers push for FTC probe into Envestnet data sales

2020-01-21T20:47:00+00:00

Democratic Sens. Ron Wyden and Sherrod Brown and Rep. Anna Eshoo sent a letter to the Federal Trade Commission urging the agency to investigate Envestnet’s selling practices regarding consumer financial data.

Equifax

Equifax must spend ‘a minimum of $1B’ for data security

2020-01-21T19:40:00+00:00

A massive data breach that was “entirely preventable” will cost credit-reporting agency Equifax another $1 billion to beef up its cyber-security efforts.

Risk

Cyber-threats, regulatory change highlight top-10 risks study

2020-01-14T20:24:00+00:00

Cyber-incidents, business interruption, and changes in legislation and regulation are the three biggest risks to companies globally, according to research by German insurer Allianz.

FTC

FTC strengthens orders in data security cases

2020-01-08T19:50:00+00:00

Chief compliance officers seeking more guidance from the Federal Trade Commission on how the agency has improved its orders in data security cases will find helpful a recent blog post by Andrew Smith, director of the Bureau of Consumer Protection.

Cyber

U.S. government warns: Be prepared for Iran cyber war

2020-01-06T20:06:00+00:00

The killing of Iranian general Qassem Soleimani in a U.S. airstrike may bring about cyber warfare, the U.S. government has warned in a security bulletin.

Wawa

Wawa data breach part of ‘concerning’ industry trend?

2020-01-03T16:58:00+00:00

While Wawa continues to investigate the source of a widespread data breach that put thousands of customers at risk, its connection to a recent Visa alert suggests other retailers should be on the lookout for similar threats to their cyber-security infrastructure.

riskalert

New COSO guidance addresses cyber-risk management

2019-12-30T17:59:00+00:00

Boards of directors, audit committee members, and executive management teams interested in learning how to apply COSO’s Enterprise Risk Management framework to protect against cyber-attacks now have new guidance available.

Data transfers

Top EU advisor: Clauses used for EU-U.S. data transfers ‘valid’

2019-12-23T15:18:00+00:00

Big Tech can breathe a sigh of relief that the mechanisms it uses to transfer data outside of the European Union to “third countries” provide sufficient privacy protection, according to a key advisor to the EU’s top court.

Credit breach

Widespread Wawa data breach puts thousands at risk

2019-12-20T14:04:00+00:00

Convenience store chain Wawa announced it has suffered a massive data breach that has affected “potentially all” of its store locations, compromising the debit and credit card information of thousands of customers.

SEC

SEC names new cyber chief

2019-12-03T17:31:00+00:00

The Securities and Exchange Commission announced the appointment of Kristina Littman as chief of the Division of Enforcement’s Cyber Unit.

Excellence in Compliance Awards

Introducing ‘The Excellence in Compliance Awards’

2019-12-02T22:03:00+00:00

Compliance Week is making some changes to its annual awards for 2020, evolving the “Top Minds” recognition into a full-blown, specifically targeted awards program dubbed “The Excellence in Compliance Awards.”