No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
Fintech Focus Podcast | Responding to a Cyber Attack – Key Considerations for GCs and CISOs
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
Marketing Minute with NP Strategy (Video): How to Respond to a Cyber Security Breach
Life With GDPR – Lessons Learned from The Singtel Opus Data Breach
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
2023 DSIR Deeper Dive: State Privacy and Data Collection
Digital Planning Podcast Episode: When Cyber Attacks Hit Home
No Password Required: Threat Intelligence Analyst at Recorded Future, the Ransomware Sommelier, and a Guy With a Mildly Exciting Expense Account
Compliance & Disaster Preparedness
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 157: Sarah Glover, Maynard Nexsen Cybersecurity Attorney
Overview of Cybersecurity in Government Contracts
Episode 282 -- CISO and CCOs -- The Evolving Partnership
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Tuesday, March 11, 2025, that the Multi-State Information Sharing and Analysis Center (MS-ISAC) will lose its federal funding and cooperative agreement...more
In the July 2024 King’s Speech, the UK government announced its intention to introduce a Cyber Security and Resilience Bill (the “Bill”) to improve the UK’s cyber defenses and protect essential public services. The...more
If you are a customer of CrowdStrike, you are working on recovering from the outage that occurred on July 19, 2024. As if that isn’t enough disruption, CrowdStrike is warning customers that threat actors are taking advantage...more
Why does it matter to you? In February of 2024, Change Healthcare, a prominent player in the healthcare industry, fell victim to a ransomware attack that sent shockwaves through its systems and networks. The incident...more
The U.S. Department of Health and Human Services (“HHS”) has expanded upon its recent Healthcare Sector Cybersecurity Concept Paper (which we covered in a prior blog post), issuing cybersecurity performance goals (“CPGs”) for...more
In October 2023, the Transportation Security Administration (TSA) updated three of its cybersecurity directives regulating passenger and freight railroad carriers. The following security directives have been renewed for one...more
In the 1970’s, a series of tests of community water systems across the country led to some disturbing findings; varied standards of water containment, transmission, and handling were resulting in substantial health risks to...more
On July 25, Missouri, Arkansas, and Iowa (the states), along with intervenors American Water Works Association and National Rural Water Association (the water associations), petitioned the Eighth Circuit to review the U.S....more
Cybersecurity research agencies around the world are warning organizations using VMware ESXi servers to patch an almost two (2) year old vulnerability to prevent being compromised by threat actors in the "ESXiArgs" ransomware...more
The rise of cyberattacks has led to a significant increase in the demand for cyber insurance policies. However, the insurance industry is struggling to keep pace with the ever-evolving threat landscape, which has resulted in...more
Over the past several years, the energy sector has become a prime target for hacking and ransomware attacks, with over 40 attacks on the industry since 2017. Cyber attacks have only continued to rise, with a record high of...more
EPA Aims to Mitigate Risk of Cyberattack on Public Water Systems On March 3, 2023, the U.S. Environmental Protection Agency (EPA) issued its Memorandum Addressing Public Water System (PWS) Cybersecurity in Sanitary Surveys or...more
At its open monthly meeting on March 16, 2023, the Federal Energy Regulatory Commission (FERC) approved a new cybersecurity standard proposed by the North American Electric Reliability Corporation (NERC) to address the supply...more
The FBI and the Cybersecurity & Infrastructure Security Agency have been warning the healthcare sector for years about vulnerabilities and ransomware gangs targeting those vulnerabilities. With millions of records -- and...more
What is in store for Privacy and Cybersecurity in 2023 - As the year ends, we offer this special edition with predictions for 2023 from each member of the Cyber Bits Partner Committee. Regardless of what happens in 2023, we...more
In its continued efforts to enhance the cybersecurity of transportation and other critical infrastructure systems across the country, the Transportation Security Administration (TSA) issued on October 19, 2022 a new security...more
On March 15, 2021, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which will require critical infrastructure owners and operators (among other things) to report...more
Editor’s Note: On August 31, 2022, HaystackID shared an educational webcast on the topic of data mining in data breach incident response. As data mining has increasingly become one of the largest expenses during a cyber...more
Following significant collaboration with the industry, the Transportation Security Administration (TSA) issued a revised directive, effective July 27, 2022, which updates one of the prior directives issued in the wake of a...more
The frequency and severity of cyber incidents, particularly ransomware attacks targeting businesses and critical infrastructure organizations, have been on the increase and are unlikely to subside anytime soon. Higher claim...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) released a “Sharing Cyber Event Information” Fact Sheet on April 7 that may preview its implementation of the new federal government cyber incident reporting...more
Earlier this month, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act. The purpose of the Act is to facilitate the hardening of the defenses of key U.S. infrastructure against cyber...more
As we begin to better understand the main components of the Infrastructure Investment and Jobs Act that the US Senate is working to pass this week, it is clear that public-private partnerships ("P3s") are a favored funding...more
CYBERSECURITY - Second Security Directive Issued by TSA to Pipeline Operators - The U.S. Transportation Security Administration (TSA) issued its second Security Directive to the pipeline industry on July 20, 2021,...more
The U.S. Transportation Security Administration (TSA) issued its second Security Directive to the pipeline industry on July 20, 2021, following the Colonial Pipeline cybersecurity incident. ...more