Kim Peretti

About Kim Peretti

A former DOJ cybercrime prosecutor and former director of PwC's cyber forensics group, Kim delivers top of the line cyber risk management and information security counsel to her clients. As co-leader of our Privacy, Cyber & Data Strategy Team, Kim is recognized by select publications and is frequently quoted by the media.

[Read Bio]

NYDFS Revises Prescriptive FAQs on Multifactor Authentication

March 5, 2026 By Kim Peretti, Kate Hanniford, Lance Taubin, Ashley Miller and Carson Kuck

Two months after the New York Department of Financial Services (“NYDFS”) updated its Frequently Asked Questions (“FAQs”), which we wrote about here, NYDFS has released updated FAQs on multifactor authentication (“MFA”) that further clarify 23 NYCRR § 500.12. As we previously reported, the FAQs from December 2025 provided prescriptive guidance, including clarifications on technical requirements […]

Threat Actors Exploit Google’s Gemini to Accelerate Cyberattacks

March 3, 2026 By Seol Namgoong and Kim Peretti

Google Threat Intelligence Group (GTIG) recently reported that cybercriminals—in particular, state-sponsored threat actors from North Korea, Iran, China, and Russia—are misusing Gemini, Google’s large language model (LLM), to support all stages of their attack lifecycle. Specifically, GTIG observed threat actors using Gemini to code and script tasks, accelerate reconnaissance, research publicly known vulnerabilities, and enable […]

CISA Revives CIRCIA Rulemaking

March 2, 2026 By Kim Peretti, Lance Taubin and Scott Hilsen

Almost two years after seeking stakeholder input about a final rule under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) announced that it will hold virtual town hall meetings for certain industry sectors in March and April 2026 to solicit additional input on the Notice […]

FBI Launches Operation Winter SHIELD in Effort to Advance Cyber Resilience Across Critical Sectors

February 4, 2026 By Kim Peretti, Lance Taubin and Andrew Rice

On January 28, 2026, the Federal Bureau of Investigation (FBI) announced the launch of Operation Winter SHIELD, a coordinated initiative designed to promote adoption of core defensive measures that are shown to mitigate common intrusion vectors. Operation Winter SHIELD identifies ten priority actions the FBI views as important in improving organizational cyber resilience. The FBI […]

New York Regulates Large Artificial Intelligence Models

January 21, 2026 By Kim Peretti, Jennifer Everett, Scott Hilsen, Dorian Simmons and Santi Villar

On December 19, 2025, just eight days after President Trump issued an executive order titled “Ensuring a National Policy Framework for Artificial Intelligence” to challenge burdensome state laws that regulate artificial intelligence (the “December 2025 EO”), New York Governor Kathy Hochul signed the Responsible Artificial Intelligence (“AI”) Safety and Education Act (the “RAISE Act”). The […]