Charlotte, NC Area Friends – Join me at SecureWorld Charlotte on March 1 & 2!

I am super excited to share that next week I will be headed to Charlotte, North Carolina to speak at one of my absolute favorite conferences each year — the United States’ preeminent cybersecurity conference — SecureWorld! On Wednesday, March 1, 2023, I will be leading a full-day workshop for SecureWorld Plus registrants on …

SEC Continues to Emphasize Importance of Cybersecurity and Cyber Risk Governance

“While this is an oversimplification of all of the requirements and nuances of the forthcoming SEC rules, the SEC’s objectives are to require companies to provide meaningful and actionable information to shareholders to better understand companies’ cyber risks and how companies are managing and responding to them. From a very high level, this can be …

Feds Will Not Charge Good Faith Security Research Under the CFAA

On May 19, 2022, the U.S. Department of Justice directed prosecutors to not charge security researchers who report cybersecurity vulnerabilities in “good faith” with violations of the federal Computer Fraud and Abuse Act (CFAA). The DOJ’s press release titled Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act …

Why does cyber warfare involving Russia and Ukraine increase the risk of cyberattacks against your business?

There are many reasons why the ongoing cyber warfare involving Russia and Ukraine increases the risk of cyberattacks against your business, but one of the simplest explanations comes from a recent joint FBI and Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Advisory (Destructive Malware Targeting Organizations in Ukraine) that was published on February 26, 2022: …

StopRansomware.gov – the U.S. Government’s One-Stop Resource for Ransomware

The U.S. Government has launched a new resource to help combat the ransomware pandemic. Below is the relevant information it has shared: The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources …

MFA Could Have Prevented the Ransomware Attack on Colonial Pipeline, According to its CEO

On June 8, 2021, Colonial Pipeline CEO Joseph Blount testified to a U.S. Senate committee about the recent ransomware attack on the company. While most of the attention to his testimony has been focused on the propriety of paying the roughly $4.4 million ransom payment to the DarkSide hacking group, I believe there is a …

Ransomware Attacks! The 5 Best Practices the White House Urges all Businesses to Take to Mitigate Them

The threat of ransomware attacks against all American businesses is so great that on June 2, 2021, the White House issued a memo to all corporate executives and business leaders with the subject “What We Urge You To Do To Protect Against The Threat of Ransomware.” This is the first time such a memo has ever been …

Working From Home During COVID-19? Five Things You Should be Doing–But Probably Are Not–To Be More Cyber Secure (publication)

Many thanks to the Texas Bar Journal for publishing my recent article, Working From Home During COVID-19? Five Things You Should be Doing–But Probably Are Not–To Be More Cyber Secure, in the Cybersecurity Issue: Without an understanding of the particular organization or the unique risks it faces, it is impossible to know what is best or …

The Art of Cybersecurity: How Sun Tzu Masterminded the FireEye / US Agencies / SolarWinds Cyberattacks

Sun Tzu taught that, when it comes to the art of cybersecurity, you must be wary of your business partners and other third parties. Why? Unless you are living under a rock, you should have heard that FireEye–perhaps the preeminent cybersecurity firm on the face of the planet–was the victim of a successful cyberattack. So were …

***URGENT*** MEMO TO: “The IT Guy” RE: Securing RDP Access–Changing the RDP Port Does Not Work!

***URGENT MEMORANDUM*** TO: “The IT Guy” FROM: Your clients’ Incident Response Coach SUBJECT: Securing RDP Access–Changing the RDP Port Does Not Work! This Memo comes out of necessity; please take it seriously. I have now lost track of how many times over the past couple of months I have been on “scoping calls” with a …