On March 15, 2021, the California Attorney General’s office announced that the Office of Administrative Law has approved the Attorney General’s proposed changes to the CCPA regulations. The new regulations make three general changes relating to the right to opt out of sales and one change to authorized agent requests. In addition, the Attorney General’s press release reaffirms that enforcement activities are proceeding.
In the current environment, it is wise to incorporate security into your software development lifecycle as early as possible. Historically, security checks were a pre-release gateway for a software team: if you passed, your product/service could go to production. At the same time, security checks used to require a code and environment freeze, while audit preparations led to chaos and a non-systematic approach in collecting important security documentation. All these elements led to a bottleneck for the project team. However, a long wait for security testing results is no longer an option since the typical project pace has significantly increased. Various project models suggest their own approaches for introducing security into software development.
Today, it seems like every few weeks, a new content provider launches an exclusive way to access entertainment. In the last year alone, we saw the introduction of Disney+, Peacock, HBO Max, and others. This is good news for consumers who want exclusive access to content, good news for broadcasters who can charge a premium for access, and especially good news for hackers. Yep, hackers. Streaming services are an enticing target for cybercriminals who use malicious bots to grab your customer’s account information and then sell or even use it themselves to access other services.
Business resilience programs may not generate revenue for organizations, but will most certainly create awareness, change a responsiveness culture into a preparedness culture, cut expenditure, save time and minimize reputational impact – not if, but when improbable circumstances become reality.
While password spraying results in the infiltration of many accounts every year, it’s also one of the easiest attacks for cyber-aware employees to thwart. In other words, password spraying needs to be a top consideration for any successful cybersecurity platform.
Risk professionals take note. Experts say the greatest cybersecurity risks to local governments and their "smart city" programs are emergency alert systems, video surveillance devices and traffic signals - a greater risk than breaches of open data, water consumption and gunshot detection technologies and more.
The SolarWinds hack is a strong reminder why third-party risk management is so important. Not only was SolarWinds breached, but the hack is now believed to have affected upward of 250 federal agencies and businesses. Here, we speak to Jonathan Ehret, Vice President of Strategy & Risk at RiskRecon, who believes organizations should be asking their vendors about the third-party risk management and cybersecurity policies they have in place to protect against a breach and leak of critical data.
RSS
