Ransomware

Cyber Ransoms: To Pay or Not to Pay?

Ransomware attacks are an increasingly prevalent form of cyber threat. COVID-19 has contributed to the increase in ransomware attacks, as remote workforces are increasingly dependent on email and therefore susceptible to phishing attacks. In a typical ransomware attack, the hacker encrypts key files and systems at the target organization to cripple its operations and demands…
CISA

CISA Issues Broad Cybersecurity Directive

On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to fix several software and hardware vulnerabilities. Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk and establishes requirements for agencies to remediate any such vulnerabilities included…
Data Protection

Opinion: How the U.S. Government’s Efforts Can Improve Data Privacy and Protection in 2021

This year, cybersecurity incidents, such as data breaches, have led to the proliferation of identity theft and fraud, facilitated by a lack of digital identity verification credentials. Additionally, data privacy legislation has gained momentum at the state level and become a key area of concern for lawmakers and citizens alike. Meanwhile, artificial intelligence and blockchain…
FTC

FTC Focuses on Data Privacy and Cybersecurity as Priorities

The Federal Trade Commission (FTC) has made it clear: data privacy and cybersecurity are now a priority, and will be for years to come. In the wake of PrivacyCon 2021, the FTC’s sixth annual privacy, cybersecurity and consumer protection summit, held this summer, the FTC finally took official and sweeping action on privacy and cybersecurity. In…
House

House Passes Bills to Strengthen Telecommunications Infrastructure and Supply Chains

On Wednesday, the U.S. House of Representatives passed a slate of bipartisan bills aimed at securing U.S. telecommunications infrastructure. Concern is growing throughout the government about the risk to U.S. telecom networks from foreign adversaries, particularly from China. According to Reuters, a group of five senators recently wrote a letter urging the Federal Communications Commission…
Cybersecurity

DOJ Will Use False Claims Act to Target Cybersecurity Fraud

On October 6, Deputy Attorney General Lisa Monaco announced the launch of the US Department of Justice’s (DOJ) Civil Cyber-Fraud Initiative. The DOJ will utilize the False Claims Act (FCA) to pursue cybersecurity-related fraud by government contractors and grant recipients. The False Claims Act was enacted during the Civil War to stamp out fraud…
Ransomware

Senate Introduces Ransomware Notification Mandate 

The US Senate has introduced a bill that would require businesses with more than 50 employees to report ransomware payments within 24 hours. S. 2666, the “Sanction and Stop Ransomware Act of 2021,” was introduced by the Senate Homeland Security Committee and Governmental Affairs Committee and also would apply to nonprofits, state and local government…

NIST Releases New Guidance for Assessing Risk

On September 1, the National Institute of Standards and Technology (NIST) released a new report that outlines the need for determining risk priorities and outlines options for properly treating risk. NISTIR 8286B, Prioritizing Cybersecurity Risk for Enterprise Risk Management, describes how risk priority and response information should be added to a cybersecurity risk register (CSRR). The…
Ransomware

New Ransomware Guidance Issued

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued new ransomware guidance, discouraging companies and citizens from paying ransoms. The Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments is the latest step taken by the Biden Administration to curb the increase in ransomware attacks. In…
NIST

Implementing the NIST Privacy Framework – Identify Function

The National Institute of Standards and Technology (NIST) Privacy Framework, published in January 2020, is quickly becoming the mainstream control set for organizations to align with when assessing their data privacy posture, developing readiness roadmaps, and maturing their privacy program. We have previously written about how the controls in the NIST Privacy Framework can be mapped to…