India's stock brokers and depository participants must now report all cyberattacks and breaches to the Securities and Exchange Board of India within six hours of detection under a mandate implementing what is likely the world's tightest breach reporting timeline requirement.
Publicly traded companies will need to beef up their cybersecurity knowledge since the the U.S. Securities and Exchange Commission is proposing rules and guidelines that would mandate more stringent oversight of cyber risk, says Roger Sels, former vice president of cyber solutions for BlackBerry.
Canada's Desjardins Group has reached an out-of-court settlement to resolve a data breach class action lawsuit. The breach, which the credit union group first disclosed in 2019, traced to a "malicious" insider who for 26 months had been selling personal details for 4.2 million active customers.
A bipartisan U.S. proposal for a national privacy law also imposes new cybersecurity regulatory mandates onto the private sector. The inclusion of a data security section in draft privacy legislation shows the Washington consensus for voluntary industry measures is wearing thin.
The European Parliament and the Council of the European Union on Friday reached a provisional agreement to set a "baseline for cybersecurity risk management measures and reporting obligations." Called NIS2, it is a modernized framework based on the EU Network and Information Security Directive.
New York state officials are investigating a data breach at Illuminate Education, maker of a widely used software platform for K-12 schools. More than 1 million current and former New York students' personal details were exposed, and some students in California, Colorado and Connecticut were also affected.
The number of organizations being breached is on the rise, according to Forrester's 2021 State of Enterprise Breaches report. Allie Mellen describes the trend as "disappointing" and discusses the misaligned expectations some organizations have about breaches, as well as other report findings.
New cyber incident reporting rules are set to come into effect in the U.S. on May 1. Banks in the country will be required to notify regulators within 36 hours after an organization suffers a qualifying "computer-security incident." What does this mean for banks, and what are the likely challenges?
The U.S. telecom carrier T-Mobile has confirmed that the Lapsus$ ransomware group has breached its internal network by compromising employee accounts. The company says hackers did not steal any sensitive customer or government information during the incident.
To answer questions about the state of their cybersecurity posture, CISOs need to have a rigorous process to measure and analyze cyber risk. Furthermore, understanding and quantifying risk levels is key to developing a bulletproof cybersecurity strategy.
In this eBook, we cover:
Why cyber risks arise and how to...
Decentralized credit-based stablecoin protocol Beanstalk was the victim of "a theft of about $76 million in non-Beanstalk user assets." The Ethereum-based protocol did not specify what those assets included, but blockchain security firm PeckShield says the total losses are likely $182 million.
New legislation mandating cyber incident reporting for critical infrastructure providers within 72 hours, and the reporting of ransom payments within 24 hours, is "groundbreaking," says former National Security Agency deputy commander Tim Kosiba, CEO of security firm bracket f.
We’re in the 4th Industrial Revolution, and it came unannounced...that's the backdrop of this 2022 study. The revolution came with smart devices, automation, cloud migration and a new streamlined ability to engage with customers and partners - along with the vulnerabilities inherent in legacy technology: the...
BlackCat, believed a rebranded version of the BlackMatter or DarkSide ransomware group, claims to have successfully targeted popular Nigerian betting platform Bet9ja, three universities - FIU, NCAT State University, AIT-Thailand, and the largest natural gas supplier in Latin America - TGS. Bet9ja, FIU, and NCAT State...
A proposed rule requiring publicly traded companies to disclose a breach within four days of deeming it material will force CISOs to determine the consequences of breaches sooner. CISOs will need to have board-level conversations within a day or two of discovering an issue to assess materiality.