Cyber

Legislatures across the country have enacted a variety of laws to respond to the growing threat from cyberattacks. For example, over a number of years, all states have adopted notification laws that require companies to notify individuals of certain data breaches. Other legislatures have enacted regulations that require companies to meet certain cybersecurity standards. Notably, […]

A group of Democratic lawmakers has written to the heads of four federal agencies, expressing an urgent need for the Biden administration to continue combating ransomware, pushing for “stronger coordination” between their departments to address the role of cryptocurrency in facilitating the attacks. Senators Ed Markey (D-MA) and Sheldon Whitehouse (D-RI), and Representatives Jim Langevin […]

Microsoft reports that hackers – likely acting on behalf of the government of Iran – attempted to access the Office 365 accounts of more than 250 employees of U.S. and Israeli defense technology and global maritime companies. During the attack, which began in July, hackers used high-speed “password spraying” to look for effective passwords. They […]

The Food and Drug Administration has issued Best Practices for Communicating Cybersecurity Vulnerabilities to Patients as a guide for healthcare industry stakeholders such as manufacturers and federal agencies. Its goal is to design a “communication approach” for informing patients and caregivers about security holes, in devices ranging from mobile apps to pacemakers. The guidance recommends […]

On September 20, nine Democratic senators wrote a letter to the Federal Trade Commission, requesting that it create new rules to protect consumers’ personal data and privacy. The senators played on FTC Chair Lina Khan’s aversion to Big Tech and aggressive antitrust agenda by stating that “Big Tech companies have used their unchecked access to […]

Last month, the Office of Management and Budget and the Cyber and Infrastructure Security Agency released draft guidance to implement a Zero Trust cybersecurity policy government-wide. OMB and CISA are seeking public comment on the strategical and technical guidance published in direct support of President Biden’s Executive Order on Improving the Nation’s Cybersecurity. The OMB’s […]

Bob Rohrer, director of the National Insider Threat Task Force, warns that improvements in cybersecurity defenses such as zero-trust architectures are likely to push adversaries to focus more on targeting privileged insiders. “I think it’s just as important to keep the insider threat discussion as robust as the cyber threat discussion, because they go hand […]

In Connecticut, if you adopt and maintain and comply with written cybersecurity program that contains administrative, technical and physical safeguards for the protection of personal or restricted information and that conforms to an industry recognized cybersecurity framework then you will not be subject to punitive damages in court against any cause of action founded in […]

The Middle East’s data protection regulatory landscape is complex, and continues to develop with the Kingdom of Saudi Arabia’s (KSA) newly published Personal Data Protection Law. While the PDPL contains the main features of a modern data protection law, it cannot be considered a direct analogue of the GDPR. For example, an unlawful transfer of […]

As part of a 60-day "sprint" launched in September, DHS is adding cybersecurity information sharing requirements for the transportation sector. The Coast Guard is...