The European Parliament and the Council of the European Union on Friday reached a provisional agreement to set a "baseline for cybersecurity risk management measures and reporting obligations." Called NIS2, it is a modernized framework based on the EU Network and Information Security Directive.
CERT-In has mandated that starting June 28, both government and private organizations in the country must inform the agency within six hours of discovering a cybersecurity incident. What do CISOs feel about this, and how are they planning to approach this new requirement?
New York state officials are investigating a data breach at Illuminate Education, maker of a widely used software platform for K-12 schools. More than 1 million current and former New York students' personal details were exposed, and some students in California, Colorado and Connecticut were also affected.
The number of organizations being breached is on the rise, according to Forrester's 2021 State of Enterprise Breaches report. Allie Mellen describes the trend as "disappointing" and discusses the misaligned expectations some organizations have about breaches, as well as other report findings.
New cyber incident reporting rules are set to come into effect in the U.S. on May 1. Banks in the country will be required to notify regulators within 36 hours after an organization suffers a qualifying "computer-security incident." What does this mean for banks, and what are the likely challenges?
Half of the 10 largest health data breaches so far in 2022 - affecting millions of individuals - have been added to the federal tally in just the last month as the latest wave of major hacking incidents being reported to regulators continues to grow.
To answer questions about the state of their cybersecurity posture, CISOs need to have a rigorous process to measure and analyze cyber risk. Furthermore, understanding and quantifying risk levels is key to developing a bulletproof cybersecurity strategy.
In this eBook, we cover:
Why cyber risks arise and how to...
New legislation mandating cyber incident reporting for critical infrastructure providers within 72 hours, and the reporting of ransom payments within 24 hours, is "groundbreaking," says former National Security Agency deputy commander Tim Kosiba, CEO of security firm bracket f.
We’re in the 4th Industrial Revolution, and it came unannounced...that's the backdrop of this 2022 study. The revolution came with smart devices, automation, cloud migration and a new streamlined ability to engage with customers and partners - along with the vulnerabilities inherent in legacy technology: the...
A proposed rule requiring publicly traded companies to disclose a breach within four days of deeming it material will force CISOs to determine the consequences of breaches sooner. CISOs will need to have board-level conversations within a day or two of discovering an issue to assess materiality.
In the latest "Proof of Concept," Lisa Sotto, partner and chair of the global privacy and cybersecurity practice at Hunton Andrews Kurth LLP and David Pollino, former CISO at PNC Bank, join Information Security Media Group editors to discuss U.S. regulatory trends and supply chain risk management.
The disruption of tens of thousands of Viasat consumer broadband modems across central Europe on Feb. 24 when Russia invaded Ukraine may have involved "AcidRain" wiper malware, security researchers at SentinelOne report. Viasat says those findings are "consistent" with the known facts of the attack.
Days after the recent Okta data breach, parts of a security report, allegedly created by Mandiant, were leaked, giving the breach timeline and how the threat group gained access to Okta's environment. Security experts, including an Okta customer, discuss the report, supply chain risks and redress.
Life comes at you fast, especially when you're a breached business such as Okta, which may have exposed customer data or otherwise put the businesses paying for your product at risk. Here's how after detecting the breach, Okta fumbled its response, and what others should learn from this experience.
The latest edition of the ISMG Security Report reviews the latest cyber resilience "call to action" from the White House and also explores authentication provider Okta's failure to inform hundreds of customers in a timely manner that their data could have been stolen by the Lapsus$ group.