The National Institute of Standards and Technology (NIST) has released the second draft of its Artificial Intelligence (AI) Risk Management Framework (RMF) for comment. Comments are due by September 29, 2022.
NIST, part of...more
On July 29, 2022, the New York Department of Financial Services (NYDFS) published the pre-proposed second amendment to its Cybersecurity Regulations, 23 NYCRR 500 (Part 500), that if adopted, would likely require numerous...more
9/2/2022
/ Covered Entities ,
Cybersecurity ,
Enforcement ,
Exemptions ,
Financial Institutions ,
Financial Services Industry ,
Incident Response Plans ,
Multi-Factor Authentication ,
Notice Requirements ,
NYDFS ,
Policies and Procedures ,
Popular ,
Second Amendment ,
Third-Party Service Provider
In February 2022, Executive Order 14024 highlighted that Russia’s invasion of Ukraine threatened not only Ukraine but also the national security and foreign policy of the United States. Pursuant to this executive order, and...more
According to several recent media reports, malicious cyber actors have begun to utilize four new types of cyberattacks as part of their current destructive repertoire. The website www.databreachtoday.com noted that these new...more
On May 5, 2022, the U.S. Department of Health and Human Services (HHS) issued a report entitled “Ransomware Trends in the HPH Sector” (HHS Report) that reviewed key cybersecurity threats and trends affecting the U.S....more
Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Energy (DOE) issued a joint advisory providing “information on multiple...more
4/26/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
Data Security ,
Department of Energy (DOE) ,
FBI ,
Information Sharing ,
International Trade ,
Popular ,
Russia
In the insurance industry, an “endorsement” is used to amend an insurance policy. Endorsements can be used to add items to a policy, amend policy provisions, or update an insured’s coverage. Endorsements also can be used to...more
The United States Congress recently passed legislation that includes new cybersecurity provisions requiring critical infrastructure providers to report cyber security incidents, including the payment of ransom, to the...more
Cryptocurrency has increasingly become an accepted form of financial exchange. However, it has also become a favored form of payment for cyber criminals. In an effort to deter the use of cryptocurrencies in furtherance of...more
The Federal Trade Commission (FTC) recently warned private entities to remediate any ongoing Log4j vulnerabilities present within their networks or face possible enforcement action....more
The televised “thud” of explosions in Ukraine has an ominous but deceptively distant tone. For many organizations the hostilities are closer at hand, in the form of cyberattacks that could spread beyond the Russian-Ukrainian...more
The success of ransomware attacks in 2021 has only emboldened cyber threat actors around the globe to continue these nefarious attacks on innocent victims. Ransomware attacks are only going to be growing in 2022. This...more
2/17/2022
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Phishing Scams ,
Popular ,
Ransomware
On January 11, 2022, the U.S. Department of Homeland Security’s Cyber Security and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint...more
CISA Director Jen Easterly on Log4j: “These vulnerabilities are the most severe that I’ve seen in my career.”
On December 11, 2021, the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the FBI...more
According to numerous government and media sources, malicious cyber actors are targeting a new “zero day” vulnerability on a massive scale. This vulnerability, referred to as “Log4j” or “Log4Shell,” has resulted in widespread...more
12/22/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Popular ,
Risk Management ,
Software
On December 6, 2021, in the Memorandum for the Heads of Executive Departments and Agencies, the Office of Management and Budget took a more aggressive position on strengthening the nation’s cybersecurity posture. Under this...more
12/20/2021
/ Covered Entities ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
OMB ,
Popular ,
Proposed Legislation ,
Risk Management
In October, the United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) published new guidance for the virtual currency industry focusing on compliance with the financial industry’s obligations...more
Ransomware incidents continue to be on the rise, wreaking havoc for organizations globally. Ransomware attacks target an organization’s data or infrastructure, and, in exchange for releasing the captured data or...more
I have written multiple times about the danger of disruptionware to both Information Technology (IT) networks as well as Operational Technologies (OT) networks of victims globally. As discussed here, many different nefarious...more
A bipartisan group of 14 United States senators recently introduced proposed legislation that would require federal contractors and operators of critical infrastructure to disclose any cyber intrusion within 24 hours...more
On July 2, 2021, Kaseya Ltd., a Florida-based firm that provides software tools to thousands of primarily small and mid-sized businesses, became the latest victim of a high-profile ransomware attack. The attack is believed to...more
There have been a rash of high-profile cyberattacks in the United States recently. Some of the more visible public attacks include SolarWinds, the Microsoft Exchange attack, Accellion, the Florida Water Treatment Plant and,...more
The Department of Homeland Security (DHS) recently announced a new Security Directive requiring companies in the pipeline sector “to better identify, protect against, and respond to” cyber threats. Among other things, the...more
The year 2021 continues to reveal an alarming rise in ransomware attacks. Two of the most notable of such attacks include the ransomware attack on CNA Financial Corp., with resulting payment of $40 million in ransom, and the...more
6/17/2021
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Financial Institutions ,
Hackers ,
Healthcare ,
National Security ,
New Legislation ,
Ransomware
The National Institute of Standards and Technology, commonly referred to as NIST, recently published a new computer framework for users to consider as a cyber-framework security model — the Zero Trust Architecture Model...more