Business Cyber Risk
Analyzing the Global Impact of Cybersecurity, Law, and Business Risk
Business Cyber Risk

The Home Depot / State Attorneys General Settlement – My 1st and 2nd Thoughts

The Attorneys General of 46 states reached a $17.5 million-dollar settlement with The Home Depot, which was announced on November 24, 2020. Texas Attorney General Ken Paxton announced that this settlement was led by the Connecticut, Illinois, and Texas AGs and Texas will collect $1,777,440.00. I will have more to say about this settlement in…

Read More

ASPR Warns Ransomware Threat is Persistent, as Actors Leak More Data

“In general, maintaining anti-ransomware best practices like the 3-2-1 backup system or conducting regular vulnerability scanning to identify and address vulnerabilities will help protect your organization against future threats from other ransomware operators,” according to the alert. — Read on healthitsecurity-com.cdn.ampproject.org/c/s/healthitsecurity.com/news/amp/aspr-warns-ransomware-threat-is-persistent-as-actors-leak-more-data

Read More

Free Virtual Event: Reimagine Your Company Operating Again After a Ransomware Attack (DBU Tech Symposium)

You are invited to attend a free virtual DBU Tech Symposium on November 18 – 19, 2020. Did I mention this is both free and virtual? You have no excuse for not attending! RSVP here: https://www.dbu.edu/pages/tech-symposium/  I will be presenting on Wednesday, November 18, from 2:30 – 3:00 pm CT and the title of my…

Read More

Podcast: #DtSR Episode 410 – TPA CISO Accountability Problems

I was a guest recently on the Down the Security Rabbithole Podcast with Raf Los, James Jardine, and Brandon Dunlap for episode 410 titled TPA CISO Accountability Problems. As they described it: Because we can’t get enough of Brandon Dunlap and Shawn Tuma over here on the podcast, here we go again. Last episode Brandon…

Read More

Podcast: Unboxing a phishing email from the World Health Organization with Shawn Tuma

I was a guest recently on the “Can I Be Phished? Podcast” where we walked through analyzing an example phishing email to look for tell-tale signs of a a classic “Nigerian Prince” type of a phishing attempt. We also discussed current attack trends that we are seeing in our work as cyber incident response first…

Read More

Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? (publication)

Many thanks to HealthcareITNews for publishing my recent article Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? HHS is trying to get companies to comply with the law and, more broadly, their obligation to protect the sensitive information that people have entrusted to them. We have handled numerous cases…

Read More

With ransomware attacks increasing, cyber insurance now seen as a necessity, not a luxury (publication)

Many thanks to Security Magazine for publishing my recent article With ransomware attacks increasing, cyber insurance now seen as a necessity, not a luxury In reality, there is no “secure” — even when the best security measures are taken. When hackers want to get in and disrupt a business, they will. Companies must be resilient,…

Read More
%d bloggers like this: