LATEST POST
SEC Cybersecurity Rule Leans on Materiality and Reasonableness
The US Securities and Exchange Commission released its final rule, effective Sept. 5, 2023, on cybersecurity risk management, strategy, governance, and incident disclosure. Investors, registrants, and other market participants should take special notice of two key terms in the regulations: “materiality” and the “reasonable investor.” Read more at Bloomberg Law.
Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit
Makers of vulnerable apps that are exploited in wide-scale supply chain attacks such as the MOVEit breach need to improve software security or face steep fines and settlement fees. Read more of this article at Darkreading.com.
Cyberattack on UK IT Firm Swan Retail Affects up to 300 Retailers
A UK-based Retail Management and EPOS Solutions provider called Swan Retail was the victim of a cyberattack that has significantly disrupted about 300 retail companies. The type of attack was not disclosed. Read more of this article by DEEBA AHMED at Hackread.com.
For Customers in CloudNordic
Danish hosting firm CloudNordic was hit with a ransomware attack that shut down all systems. websites, e-mail systems, customer systems, and customers’ websites. Read more of this article at CloudNordic.
Data Breach Notification Laws
One, in the absence of any specific law or regulation the person who was hacked is not required to notify anyone, including the people whose information was accessed, that their information was compromised. That is why access to the below specific notification requirements is critically important. Two, if there is a requirement to notify people […]
Vendors to be(a)ware of
After it has been determined that a breach has taken place, there are various tasks that need to be done that are usually not in the sweet spot of the person that has been breached. Several vendors pretend they have a vertically integrated, one stop shop, solution. They don’t. They use third-party vendors who hide […]
Etiology of a Breach
Most data breaches involve some level of victim human error, which theoretically employee training can address. Human error can take the form of clicking on a link, where the email address of the sender is unknown to the person clicking on the link. Malware then enters the scene. Another common human error scenario involves phishing […]
Q2 2023 Threat Landscape Report: All Roads Lead to Supply Chain Infiltrations
The significant increase in supply-chain attacks has been discussed in a Q2 report by Kroll, who also noted a significant increase in email compromises. Read more of this article Kroll.com.