In 2024, human error continues to be the number one cause of data breaches, leaks and compliance fines in the enterprise. Despite organizations consistently investing in cybersecurity awareness training, something is going amiss: employees aren’t learning.  For CISOs and their teams, the fallout of ineffective training programs can be severe. Many training initiatives are expensive, […]

On March 29, 2024, the California Privacy Rights Act (CPRA) will come into effect, marking a new era of data privacy requirements for businesses operating in California.  The CPRA aligns California’s data privacy regulations more closely with the European Union’s General Data Protection Regulation (GDPR), putting stringent expectations on companies regarding how they collect, use, […]

Medium and large organizations that operate in the European Union (EU) have just months to comply with NIS2, the EU’s latest and most stringent piece of cybersecurity legislation yet.  Here, we’ll explore how data loss prevention (DLP) can help businesses meet NIS2 compliance requirements before the October deadline.  Key focus areas of NIS2 NIS2’s requirements […]

Telecommunications and media giant Verizon suffered a data breach impacting over 60,000 employees after one employee gained unauthorized access to sensitive files containing personally identifiable information.  How did the Verizon data breach happen? According to a data breach notification shared with the Office of the Maine Attorney General, a Verizon employee “inappropriately handled” a file […]

The National Institute of Standards and Technology (NIST) has released the latest iteration of its renowned Cybersecurity Framework (CSF), designed to help organizations mitigate cybersecurity risk.  The new CIST CSF 2.0 is aimed at organizations of all sizes in all sectors. What’s new in the NIST CSF 2.0?  NIST initially released the CSF in 2014 […]

If you’re considering banning ChatGPT in the workplace, you’re not alone. Samsung, Apple, and Goldman Sachs have publicly announced that they’ve prohibited ChatGPT use in their organizations. However, according to recent research from Glassdoor, 80% of employees are against their companies banning ChatGPT. It’s easy to see why. As McKinsey data shows, generative AI has […]

Organizations operating in the European Union (EU) must make important security strides in the next few months because the second iteration of the Network and Information Security directive (NIS2) will become part of law across EU member states in October.  NIS2 introduces stringent cybersecurity requirements for medium and large-sized organizations in certain sectors that operate […]

On December 26, 2023, the department of defense (DoD) announced the proposed rule for CMMC 2.0, which is open for comments until February 26, 2024.   If you’re an organization that works with the DoD, it’s time to start preparing for CMMC 2.0 compliance.  What is the difference between CMMC 1.0 and CMMC 2.0? In 2020, […]

In January 2024, a security researcher uncovered a colossal database comprising 26 billion leaked records pertaining to millions, possible billions, of individuals. The breach is thought to be the largest in history and is being called the “mother of all breaches.” What happened & who is impacted in the massive leak? Security researcher Bob Diachenko […]

As the cost of data breaches rises year over year, many organizations look to cyber insurance to protect themselves from potential losses. Even in supplier contracts, more companies are now making cyber insurance a prerequisite to do business.  However, cyber insurance is costly. Five years ago, obtaining coverage was easy and relatively cheap. But, today’s […]

Microsoft has revealed that Russian state-sponsored threat actors successfully breached its corporate email system, stealing sensitive email attachments and messages from the senior leadership team.  This was not a sophisticated attack based on zero days or vulnerability exploits. The attackers leveraged simple cloud misconfigurations and poor password management practices to breach the company.  All companies […]