The Strengthening American Cybersecurity Act of 2022, a bill that narrowly failed to become law last year, was passed in the Senate on Tuesday, March 1 as a package of cybersecurity measures that would require operators of critical infrastructure and federal civilian agencies to report cyber incidents to the Department of Homeland Security’s Cybersecurity and […]
Search Results for: ransomware
CISA Releases Warning of Destructive Malware Targeting Ukrainian Organizations
On January 16, 2022, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released a warning regarding destructive malware targeting Ukrainian organizations, including Ukrainian government agencies. The malware was found in multiple government, non-profit, and information technology organizations, all based in Ukraine. CISA’s warning comes on the heels of a separate targeted attack […]
EDPB Issues New Guidance for Assessing Personal Data Breaches under the EU GDPR
On Monday, 3 January 2022, the European Data Protection Board (“EDPB”) published the finalized version of its regulatory guidance entitled “Examples regarding Personal Data Breach Notification” (the “Guidelines”), following a public consultation on a draft set of guidelines in 2021. The finalized Guidelines are a practice-oriented, and case-based set of examples that leverage the experiences […]
NYDFS Issues Guidance on Multi-Factor Authentication
The New York Department of Financial Services (NYDFS) continues to refine its position regarding the importance of and requirements regarding Multi-Factor Authentication (MFA), as evidenced most recently with the release of new guidance. This new guidance is consistent with its June guidance, in which NYDFS clarified its expectation that NYDFS-regulated covered entities subject to 500.12 […]
The Cybersecurity Incident Reporting Requirements Fail in the Latest Version of the National Defense Authorization Act
On December 7, 2021, the House of Representatives passed the National Defense Authorization Act for Fiscal Year 2022 (NDAA), which notably excluded any cybersecurity incident reporting requirements. In September, the House approved a previous version of the bill that included a mandatory breach notification provision that would have required the Department of Homeland Security’s Cybersecurity […]