LATEST POST
The Shifting Dynamics of Cyber Insurance
With the increased threat landscape and the increasing likelihood that clients will be attacked, cyberinsurers now require more extensive assessments and increased costs to renew policies. Erik Decker, vice president and CISO of Intermountain Healthcare, outlined five critical controls that cyber insurance providers look for when assessing an organization’s eligibility for coverage: endpoint detection and […]
India Passes Digital Personal Data Protection Act
Stephen Mathias from Kochhar & Co. reports that in early August 2023, the Indian Parliament passed the Digital Personal Data Protection Act (the “Act”), bringing to a close a 5-year process to enact an omnibus data privacy law in India. The Act was ratified by the President of India and will come into effect once notified […]
SEC Cybersecurity Rule Leans on Materiality and Reasonableness
The US Securities and Exchange Commission released its final rule, effective Sept. 5, 2023, on cybersecurity risk management, strategy, governance, and incident disclosure. Investors, registrants, and other market participants should take special notice of two key terms in the regulations: “materiality” and the “reasonable investor.” Read more at Bloomberg Law.
Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit
Makers of vulnerable apps that are exploited in wide-scale supply chain attacks such as the MOVEit breach need to improve software security or face steep fines and settlement fees. Read more of this article at Darkreading.com.
Cyberattack on UK IT Firm Swan Retail Affects up to 300 Retailers
A UK-based Retail Management and EPOS Solutions provider called Swan Retail was the victim of a cyberattack that has significantly disrupted about 300 retail companies. The type of attack was not disclosed. Read more of this article by DEEBA AHMED at Hackread.com.
For Customers in CloudNordic
Danish hosting firm CloudNordic was hit with a ransomware attack that shut down all systems. websites, e-mail systems, customer systems, and customers’ websites. Read more of this article at CloudNordic.
Data Breach Notification Laws
One, in the absence of any specific law or regulation the person who was hacked is not required to notify anyone, including the people whose information was accessed, that their information was compromised. That is why access to the below specific notification requirements is critically important. Two, if there is a requirement to notify people […]
Q2 2023 Threat Landscape Report: All Roads Lead to Supply Chain Infiltrations
The significant increase in supply-chain attacks has been discussed in a Q2 report by Kroll, who also noted a significant increase in email compromises. Read more of this article Kroll.com.