OCC

What’s the OCC Banking Regulatory Outlook for 2022?

As the year’s end approaches, the US Office of the Comptroller of the Currency (OCC), a primary US banking regulator, has published its Banking Supervision Operating Plan for 2022. As you might expect, much of the OCC’s focus is on managing the repercussions of the pandemic and the resulting economic, financial, operational, and compliance implications. The specific points it…
Read More
SolarWinds

Shareholders Seek to Hold Current and Former SolarWinds Officials Liable for Massive 2020 Security Breach

Investors filed a derivative suit claiming that the company knew about, and failed to mitigate known, existing cybersecurity risks and shortfalls prior to the security breach. In early November, pension funds and individual shareholders filed a lawsuit against SolarWinds Corporation (“SolarWinds”) as well as current and former members of the board directors. The suit comes in the…
Read More
ZTA

An Understandable Guide to Zero Trust Architecture (“ZTA”)

While cybersecurity professionals are generally nice people, and I have nothing against them, they have trust issues. Their spouse, friends, and family may not appreciate the lack of trust, but it goes a long way towards protecting the systems entrusted to them. Cybersecurity best practices are to employ a Zero Trust Architecture (“ZTA”) to the…
Read More
Cyberattacks

Congressional Cybersecurity Report Warns of Dim Outlook

Cybersecurity has become a primary focus for lawmakers, federal agencies, and the private sector. Cyberattacks have prompted official government actions in the form of Executive Orders, Operational Directives, ransomware guidance, ransomware notification legislation, and dozens of bills aimed at enhancing cybersecurity across industry sectors. A recent report by the Congressional Research Service highlights the different…
Read More
NIST

NIST Publishes Draft Security Criteria for Consumer Software

Consumer software providers will soon have the option to label their software as compliant with National Institute of Standards and Technology (NIST) standards for software security. On November 1, 2021, NIST published its initial draft of this standard in a white paper titled “DRAFT Baseline Criteria for Consumer Software Cybersecurity Labeling” (the White Paper). The…
Read More
Payments

CNIL Publishes White Paper on Digital Payments and Data Privacy

The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. The use of card, contactless, and innovative digital payment solutions has significantly increased in recent years, fueled by the immediate impacts of the ongoing COVID-19 pandemic and the longer-term growth of e-commerce and open banking. In this…
Read More
Fintech

Fintech Cybersecurity: A Plan for Innovation with Risk Mitigation

As the fintech industry rushes ahead to integrate new technologies, it’s leaving the door open for cyber attackers. The financial technology (fintech) industry is evolving at breakneck speed, driven in large part by its rapid adoption of innovative new technologies like artificial intelligence and blockchain-powered assets. By 2026, the current global fintech market is projected to…
Read More
CPPA

CPPA to Target Ad-Tracking

California is gearing up to write rules to enforce its California’s Privacy Rights Act (CPRA). Regulators, led by California Privacy Protection Agency Director Ashkan Soltani, are preparing to write rules to guide that enforcement and those rules could address the new forms of identity technologies that advertisers and publishers are currently testing. Soltani criticized email-based…
Read More
Export

BIS Finalizes the Rule Covering Cybersecurity Activities

On October 21, 2021, the Commerce Department’s Bureau of Industry and Security (“BIS”) published a rule that will restrict some exports, reexports, and other overseas transfers of equipment, software, and technology (technical know-how) that can be used for cyberattacks or surveillance. The rule, part of the Export Administration Regulations, has two components: (i) controls on…
Read More
Cybersecurity

New York DFS Issues New Cybersecurity Guidance

Under New York’s Cybersecurity Regulation, issued in 2017, any entity (a “Covered Entity”) regulated by the New York State Department of Financial Services (DFS) must maintain a risk-based cybersecurity program that protects its information systems and nonpublic data. For years, DFS has allowed Covered Entities to adopt the cybersecurity program of an affiliate. This has…
Read More
Back To Top