CyberSide Chats: Yes, you needed a cyber attorney a long time ago (with Erik Weinick)
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Cyber incidents have surged in recent years, with attacks more than doubling since 2020 and the number of victims totaling in the hundreds of millions in 2023 alone. These incidents can cost organizations millions or even...more
Are you using VMware ESXi servers? Why should you worry? Unpatched VMware ESXi servers are actively being attacked against a two-year-old remote code execution vulnerability to deploy a new ESXiArgs ransomware. ...more
On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the "Act"), creating new requirements for organizations operating in critical infrastructure sectors to...more
A data breach can be the result of a cyber/ransomware attack or an honest mistake. Either way, the potential impact of compromised data is huge. This impact can be financial (in the form of fines) and reputational (by...more
The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1 as a package of cybersecurity measures that would require operators of...more
The retention of prolific sensitive, personal electronic information has essentially become a responsibility inherent in the conduct of modern business. From the maintenance of medical records by a healthcare provider to the...more
Companies and consumers alike are under perpetual assault from bad actors as IoT, work from home, and cloud migration – all intended to improve productivity – have expanded the cyber attack surface. The continually evolving...more
There is little doubt that the U.S. Securities and Exchange Commission is making cybersecurity a top priority. SEC Chair Gary Gensler told a Senate committee on Tuesday, September 14, 2021 that the agency is developing a...more
Faced with the resurgence of cyberattacks in our newfound era of dependence on teleworking, our team is primed to guide you through the fraught aftermath of a cyber attack: Our team will discuss: - how to come back to the...more
Report on Patient Privacy 20, no. 11 (November 2020) - In her 14-plus years of investigating and blogging about hacking and breaches, “Dissent” has been yelled at, threatened with lawsuits and accused of being a criminal....more
We are all facing new challenges in this pandemic, including the shift to and growth of remote-work. Meanwhile, we also have to contend with the increased volume of attempted cyberattacks. Despite the distraction of the...more
The Twitter accounts of major companies and individuals were briefly taken over as part of a bitcoin scam. Former and current heads of states, global corporations, and presidential candidates had their twitter accounts...more
Ransomware attacks on municipalities were on the rise in 2019, with two-thirds of known ransomware attacks in the United States targeting governments, and the trend is expected to continue for 2020. It is important for...more
Start-up companies know that, when potential investors kick the tires, they will look carefully at the company’s business model and IP portfolio. These days, investors are also likely to look at whether the company is in...more
Second only to health care, the manufacturing industry is now one of the most frequently hacked industries (according to IBM’s 2016 Cyber Security Intelligence Index). And more importantly, automotive manufacturing was the...more
In January, we hosted an event with the Northeast Chapter of the Association of Corporate Counsel (ACC) on cyber security. Matt Field, an a cyber insurance expert, participated on the panel, and we are thrilled to offer you a...more
It is an otherwise normal day until you, the General Counsel, receive a call from the CIO: “We have a cyber-security breach. We’ve identified some unusual activity and it appears that data has been sent out through unknown...more
Cyber-attacks have become a matter of everyday reality for all businesses: regardless of industry or size, it is no longer if a data breach will happen, but when. And waiting for a breach to occur before designing and...more
This article begins by providing an overview of the duty of directors to oversee risk, including cybersecurity risk, in the cyberattack context and then outlines actions that board of directors are taking as reported by...more
Results from the SEC’s First Round of Cybersecurity Examinations - On February 3, 2015, the OCIE published a risk alert summarizing its findings from its examinations of over 100 registered investment advisers and...more
What makes data privacy law interesting for academics, challenging for lawyers, and frustrating for businesses its shape-shifting structure in the face of rapidly changing technology. The recent change in the invalidation of...more
In April 2014, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert announcing its first cybersecurity sweep initiative. Pursuant to that initiative,...more
As we head into the end of 2015, state legislators across the country continue to strengthen, update and, in some instances, broaden the scope of their respective state data breach notification laws. Specifically, many...more
On September 15, 2015, the Security and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert to provide additional information on the areas of focus for its second round of...more
Second Round of Cybersecurity Examinations to Begin - On September 15, 2015, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) issued a Risk Alert announcing a...more