On February 7, 2020, the California Office of the Attorney General released Modified Regulations to the California Consumer Privacy Act (“CCPA”). The Modified Regulations update the Initial Proposed Regulations, which were previously published on October 11, 2019. The deadline to submit written comments is February 24, 2020 at 5:00 pm PST. We will follow up […]
Cyber Risk
NIST Publishes Privacy Framework Version 1.0
On January 16, 2020, the National Institute of Standards and Technology (“NIST”) published Version 1.0 of its Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (“Privacy Framework”). A draft version was initially published for public comment on September 6, 2019. The new Privacy Framework is designed to support organizations in building customer’s […]
Warning: Iranian Cyber Response Possible Against Private Industry
After Friday’s announcement of the killing of Major General Qassem Soleimani, a leader of Iran’s Quds Force, several regulators have put industry on high alert of the increased potential for cyber-attack. Iran has a known history of launching cyber-attacks against US industry, and regulators warn industry to prepare for a possible rise in cyber-attacks. The […]
Treasury Announces Sanctions Against Cybercriminal Group Behind ‘Dridex’ Malware, Offering Mitigation Strategies for Businesses
On December 5, 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued sanctions against Evil Corp, a Russian cybercriminal organization that is known for distributing the Dridex malware. Dridex is a banking trojan that has been used to target financial institutions across the globe and has resulted in more than $100 million […]
Critical Audit Matters Disclosure Implicates Information Technology and Security
As independent auditors to public companies and business development companies begin to make required disclosure of Critical Audit Matters (CAMs) to the audit committee, such reports are beginning to include discussion of information security programs and information technology controls. Independent auditors have treated material weaknesses in certain information technology controls as material weaknesses in internal […]