Cyber-Security


intsights 300x200

CPE Webcast: How modern cyber-threat intelligence can enrich system security

2021-02-23T14:00:00+00:00Provided by

Threat Intelligence is normally used to enrich the process of security assessment, providing proof on the enforcement of security controls required to be secure and compliant.

cyber insurance

Cyber-insurance: Why you need it and how to choose the right plan

2021-02-22T20:49:00+00:00By

As cyber-attacks surge, the need for cyber-insurance is growing more urgent. But it’s critical for companies to first familiarize themselves with how to navigate the labyrinth of cyber-insurance products on the market so that they are properly covered.

Kroger

Kroger joins victims of Accellion data breach

2021-02-22T19:58:00+00:00By

Two months after cloud service vendor Accellion first identified one of its legacy products was targeted by a sophisticated cyber-attack, users of the product continue to feel the impact, with grocery chain Kroger the latest to reveal its exposure.

Cyber-guard

Survey: Firms enhanced cyber-security in 2020, but not enough

2021-02-17T14:26:00+00:00By

Companies forced to pivot to remote work in a global health crisis spent the bulk of 2020 grappling with heightened cyber-security risks. A year later, compliance practitioners say their companies’ cyber-security postures are better for it—even in the wake of the stunning SolarWinds hack.

exterro300x200

CPE Webcast: Vital framework to defensible data incident and breach response

2021-02-16T14:00:00+00:00Provided by

Today’s breach landscape is unprecedented and complex. Every organization is facing potential enforcement of many interconnected and overlapping laws in multiple jurisdictions.

Risk

FINRA report: Top risk areas for AML, cyber-security

2021-02-05T20:31:00+00:00By

The Financial Industry Regulatory Authority has published a new report designed to help inform member firms’ compliance programs by providing annual insights from its examinations and risk monitoring programs.

2021

Survey: Pandemic pervades executives’ top 10 risks for 2021

2021-02-05T17:39:00+00:00By

The aftermath of the coronavirus pandemic dominates the top risks that will keep boards of directors and executive management teams on their toes in 2021, a new survey by Protiviti and NC State’s ERM Initiative finds.

cybergrx digital transformation

White paper: Digital Transformation & Cyber Risk: What You Need to Know to Stay Safe

2021-02-03T06:07:00+00:00Provided by

CyberGRX and Ponemon Institute surveyed 581 IT security and 302 C-suite executives to determine what impact digital transformation is having on cybersecurity and how prepared organizations are to deal with that impact.

SolarWinds

SolarWinds hack turning into Pandora’s box of cyber-risk

2021-02-02T20:47:00+00:00By

The more we learn about the SolarWinds hack, the more troubled compliance officers should be by the scope and breadth of the risks their companies might have incurred.

Maria Vullo

NYDFS regulation a best-practices model for cyber-security training

2021-02-01T17:05:00+00:00By

Companies must make cyber-security a continuous priority as threats evolve, often more quickly than the technology and regulations to counter them. That’s why the New York Department of Financial Services, under Maria Vullo, developed a policy that should act as a model for organizations.

cybergrx fs infosheet coverimg

White paper: Reducing Cyber Risk for the Financial Service Industry

2021-01-26T07:29:00+00:00Provided by

The financial services industry is a leading target for cyber criminals because there’s more than one way one way to profit from an attack.

Cyber-risk panelists

Cyber-Risk Summit: Compliance should view cyber-security through prism of risk

2021-01-21T21:39:00+00:00By

What’s most important for compliance officers is to understand the risks breaches and hacks pose to their organizations, not the technical manner of how those breaches occur, according to an expert panel at CW’s virtual Cyber-Risk & Data Privacy Summit.

Cyber-risk panel

Cyber-Risk Summit: 7 best practices for protecting employee health data

2021-01-21T21:19:00+00:00By

Experts at CW’s virtual Cyber-Risk and Data Privacy Summit explain the importance for companies to review and enhance their current data security compliance policies and procedures.

Health records

Excellus Health Plan fined $5.1M for 2015 data breach

2021-01-20T16:21:00+00:00By

The U.S. Department of Health and Human Services’ Office for Civil Rights fined Excellus Health Plan $5.1 million for failures relating to a 2015 data breach that exposed the personal information of 9.3 million individuals.

British Airways

British Airways breach could cost billions in landmark class-action push

2021-01-15T15:12:00+00:00By

British Airways faces the largest group claim ever made in U.K. legal history over a 2018 data breach that exposed the financial and personal details of more than 400,000 of its customers.

Cyber locks

Biden names NSA cyber head to White House position

2021-01-07T19:41:00+00:00By

Anne Neuberger, currently the cyber-security director at the National Security Agency, has been appointed to fill a newly created cyber-security position on President-elect Joe Biden’s National Security Council.

Cloud supply chain

Learning from SolarWinds: Five steps to fortify your cloud supply chain

2020-12-30T20:24:00+00:00By

For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.

Coronavirus fails

Assessing 2020: Lessons learned for the financial crime landscape

2020-12-29T21:49:00+00:00By James Thomas, International Compliance Association

This year has been one most of us would like to forget. As we look toward 2021, nevertheless, it is worth considering lessons learned over the last 12 months and (where possible) drawing on any positives that have come to light regarding the financial crime landscape.

SolarWinds

Cyber-security lessons from the SolarWinds hack

2020-12-18T15:44:00+00:00By

The lessons from the massive SolarWinds hack on where vulnerabilities still lurk in the third-party vendor supply chain cannot be grasped soon enough.

Twitter

Twitter’s tiny $547K GDPR fine leaves many scratching their heads

2020-12-15T20:19:00+00:00By

Ireland’s first major decision against a Big Tech company under the GDPR has stirred controversy as the country’s data regulator hit Twitter with an underwhelming €450,000 (U.S. $547,000) fine for a 2018 data breach.

Europe

Five challenges for European CCOs heading into 2021

2020-12-10T21:13:00+00:00By

Many of the problems European compliance officers faced in 2020 will remain in place going into the new year, but new risks and new regulations will also present new challenges.

Cyber-security

Preparation, monitoring key to combating third-party cyber-security risk

2020-12-07T17:49:00+00:00By

A spate of recent cyber-security breaches occurring via third parties is a reminder of the importance for companies to stay on top of risk management. Regulators have shown to not take kindly to finger-pointing.

Crypto

Cryptocurrency’s future: What compliance needs to know

2020-11-17T19:15:00+00:00By David Povey, International Compliance Association

Cryptocurrency is complicated, but it’s not going away anytime soon. David Povey of the ICA takes a look at what regulators are trying to do and offers tips on where compliance officers can go to study this complex topic further.

Ticketmaster

Ticketmaster UK fined $1.6M under GDPR for 2018 data breach

2020-11-13T18:18:00+00:00By

The U.K. Information Commissioner’s Office fined Ticketmaster £1.25 million (U.S. $1.6 million) for its failures relating to a 2018 data breach by a third party.

Coronavirus fails

OCC report: Banks sound, but compliance risks elevated amid pandemic

2020-11-11T19:10:00+00:00By

The U.S. banking industry is stable nearly nine months into the coronavirus pandemic, but the OCC warns of increased risks for banks seeking to comply with the Bank Secrecy Act and consumer protection and fair lending requirements.

Cyber risk

Audit committee best practices for understanding and acting on cyber-threats

2020-11-05T20:44:00+00:00By

Cyber-security risk oversight is the area with the greatest increase in audit committee disclosures in proxy statements, so you better make sure you’ve got a handle on understanding your responsibilities.

Coronavirus look ahead

New bank resiliency guidance tackles cyber-risk, pandemic planning

2020-11-02T17:45:00+00:00By

Federal banking regulators have released new operational resiliency guidance aimed to strengthen risk management around technology-based failures, cyber-incidents, pandemic outbreaks, natural disasters, and more.

Marriott

In second drastic reduction, ICO fines Marriott $23.8M

2020-10-30T19:44:00+00:00By

The Marriott GDPR fine handed down by the U.K. Information Commissioner’s Office is less than 20 percent of the original number the regulator proposed, the second time this month such a drastic reduction has taken place.

FourOptions

Choose your ending: What to do when your systems are hacked and ransom is demanded

2020-10-26T14:54:00+00:00By

What should you do if your firm is hit by ransomware? Choose your own ending to this tale about a clinic, a criminal, and coronavirus to learn the risks and rewards of each choice.

NIST

NIST guidance tackles how to integrate cyber-security with ERM

2020-10-22T15:34:00+01:00By

New guidance from NIST aims to demystify a process with which many companies across all industries have long struggled: how to seamlessly integrate cyber-security risk into an overall enterprise risk management program.

M&A activity

Best practices for M&A cyber-security due diligence in a virtual world

2020-10-15T16:12:00+01:00By

The slowdown in mergers and acquisitions in the early stages of the coronavirus pandemic in March is waning, and M&A activity is approaching pre-pandemic levels again, with cyber-security risk now the top concern.

erwin cover img

White paper: The Data Trinity: Governance, Security & Privacy

2020-10-14T07:50:00+01:00Provided by

Creating policies for data handling and accountability and driving culture change so people understand how to properly work with data are two important components of a data governance initiative, as is the technology for proactively managing data assets.

rsa 300x200

CPE Webcast: Tips to jumpstart your CMMC certification plan

2020-10-13T14:00:00+01:00Provided by

With the release of the DOD’s Cybersecurity Maturity Model Certification program in 2020, contractors are required for the first time to comply with a specific set of cybersecurity capabilities—and have that compliance certified by a third party.

Morgan Stanley

OCC fines Morgan Stanley $60M for data inventory risk failures

2020-10-08T20:51:00+01:00By

Morgan Stanley has agreed to pay $60 million as part of a settlement with the OCC for failing to adequately protect customer data when the bank decommissioned two U.S.-based wealth management data centers.

Health records

Breach costs Premera Blue Cross $6.85M; second-largest HIPAA fine

2020-09-28T21:24:00+01:00By

Premera Blue Cross has agreed to pay $6.85 million in a settlement with the U.S. Department of Health and Human Services regarding a 2014 data breach that affected the personal and health plan information of over 10.4 million people.

Nailedit1200x800

Credit to JPMorgan Chase in this week’s banking-themed naughty/nice list

2020-09-10T21:14:00+01:00By Compliance Week

JPMorgan Chase, Danske Bank, Deutsche Bank, and Bank of America all either “Nailed It” or “Failed It” this week.

EU US privacy

European Commission: No Privacy Shield replacement in sight

2020-09-04T15:57:00+01:00By

The European Commission this week warned there will be “no quick fix” to replace the now-invalidated Privacy Shield, which governed data transfers between the European Union and United Sates.

Nailedit1200x800

Credit social media giants for prepping for election chaos

2020-09-03T18:12:00+01:00By Compliance Week

Silicon Valley’s social media heavyweights deserve a nod for “war-gaming” potential misinformation scenarios in advance of November’s elections, while McDonald’s again finds itself on our “Not Lovin’ It” list.

Paul C. Dwyer

Q&A: New training takes compliance leaders on ‘non-technical’ cyber-journey

2020-08-27T16:28:00+01:00By

A new training offered by renown expert Paul C. Dwyer helps non-technical practitioners gain confidence in dealing with all aspects of cyber-security or cyber-risk.

COVID-Prep

Survey: Coronavirus revealed weaknesses in companies’ GRC, data processes

2020-08-24T14:13:00+01:00By

A recent survey from Compliance Week and Riskonnect of 261 compliance and audit professionals found that half of the respondents were not prepared for the coronavirus pandemic with an updated crisis management plan.

Uber

Uber’s former security chief charged in data breach cover-up

2020-08-21T15:01:00+01:00By

Uber’s former security chief has been charged in connection with an alleged cover-up of a 2016 data breach that compromised millions of people’s personally identifiable information.

Employee monitoring

How far is too far with employee monitoring? Barclays case could offer litmus

2020-08-20T14:54:00+01:00By

The U.K. Information Commissioner’s Office is investigating allegations that Barclays Bank had effectively been spying on employees by using an intrusive software system that monitored workers’ activity.

columnist icons - kyle

Trump’s TikTok crusade a hollow win for privacy

2020-08-19T16:44:00+01:00By

There’s no questioning the need to protect the data of U.S. citizens from China, but it’s naïve to think pressuring TikTok to take up a U.S. owner is anything more than a hollow victory given our lack of federal oversight in the area of privacy.

Carnival

Carnival discloses ransomware attack

2020-08-19T16:05:00+01:00By

Carnival Corp., already hit with a complete halt of business since April due to the coronavirus pandemic, is the latest major company to reveal the discovery of a ransomware attack.

Nailedit1200x800

McDonald’s handling of ex-CEO scandal gets compliments, criticism

2020-08-13T14:37:00+01:00By Compliance Week

A fresh podcast from the Theranos whistleblower and a new compliance association for Black practitioners get a round of applause from us this week, while a complicated case involving McDonald’s lands the company on both the “Nailed It” and “Failed It” lists.

CapitaoOneStory

OCC fines Capital One $80M over 2019 data breach

2020-08-07T17:10:00+01:00By

Capital One and Capital One Bank (USA) were fined $80 million for failing to establish sound risk management processes and internal controls related to the company’s data breach last year.

Twitter

Twitter could face up to $250M FTC fine for misuse of data

2020-08-04T15:34:00+01:00By

Twitter disclosed in a regulatory filing that it could face fines of up to $250 million by the Federal Trade Commission for misusing people’s personal information for advertising purposes.

Data money

IBM report: Average data breach cost nearly $4M in past year

2020-07-30T16:41:00+01:00By

An IBM report that examined more than 500 cyber-security breaches occurring between August 2019 and April 2020 found the average breach costs companies $3.86 million and requires nearly 300 days to identify and contain.

cybergrx300x200

CPE Webcast: Digital transformation & cyber risk: What you need to know

2020-07-28T14:00:00+01:00Provided by

Join Larry Ponemon, founder of Ponemon Institute, and Dave Stapleton, CISO of CyberGRX, as they discuss the impact digital transformation is having on cyber-security and some best practices you can implement to better protect your organization.

Nailedit1200x800

Nailed It or Failed It? Disney sends anti-hate message to Facebook

2020-07-22T18:30:00+01:00By Compliance Week

In this week’s “Nailed It or Failed It?”, Disney gets kudos for throwing its weight behind the #StopHateForProfit protest, while PG&E earns criticism after being found responsible for yet another California wildfire.