2016, Information Security, Insurance and IT - Information Management Today

France data protection agency fines Uber 400k Euros Over 2016 Data Breach

Security Affairs

DECEMBER 23, 2018

France’s data protection agency had fined the ride-sharing company Uber with 400,000 euros ($455,000) over a 2016 data breach. The data breach suffered by Uber in 2016 exposed the personal data of some 57 million clients and drivers worldwide. SecurityAffairs – hacking, 2016 data breach). Pierluigi Paganini.

Data breaches

Data breaches Personal data Insurance Access

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Last week, the Federal Trade Commission (“FTC”) got into the act as well, releasing two notices of proposed rulemaking (“NPRM”) on potential changes to its the Standards for Safeguarding Customer Information (“Safeguards Rule”) and Privacy of Consumer Financial Information Rule (“Privacy Rule”) under the Gramm-Leach-Bliley Act.

Privacy

Privacy IT Information Security Insurance

Insurers’ role will be critical in improving cybersecurity standards

CGI

AUGUST 31, 2016

Insurers’ role will be critical in improving cybersecurity standards. Wed, 08/31/2016 - 08:00. As the cyber liability market grows, the insurance industry may also play an increasingly important role in driving change in the cybersecurity landscape. The unique challenges of cyber risk.

Insurance

Insurance Cybersecurity Risk Marketing

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

FIN8 group used a previously undetected Sardonic backdoor in a recent attack

Security Affairs

AUGUST 25, 2021

The group has been active since 2016, it leverages known malware such as PUNCHTRACK and BADHATCH to infect PoS systems and steal payment card data. The group focuses on organizations in the insurance, retail, technology, and chemical industries in the U.S., Canada, South Africa, Puerto Rico, Panama, and Italy.

Retail

Retail Insurance Cybersecurity Phishing

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

Hunton Privacy

SEPTEMBER 15, 2016

The proposed regulation requires regulated financial institutions to take various actions, including: adopting a written cybersecurity policy; establishing a cybersecurity program; designating a Chief Information Security Officer to oversee and enforce its new program and policy; and.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

Why Cybersecurity Pros Should Care About Governance

Getting Information Done

APRIL 18, 2017

Ultimately, the chief information security officer (CISO) needs to understand the information footprint across systems, determine the value/risk of loss, and protect against cyberattacks through the deployment of control activities, which are commensurate with the value/risk of these information systems.

Government

Government Cybersecurity Insurance Information governance

Court Rules Fraud Involving a Computer Is Not ‘Computer Fraud’ under Crime Protection Policy

Hunton Privacy

OCTOBER 25, 2016

On October 18, 2016, the United States Court of Appeals for the Fifth Circuit held in Apache Corp. Apache recouped a portion of the payments from its bank and attempted to recover the balance from its insurer. Apache was insured under a crime-protection insurance policy issued by Great American Insurance Company (“GAIC”).

Computer and Electronics

Computer and Electronics Insurance IT Cybersecurity

FTC Issues Guide for Businesses on Handling Data Breaches

Hunton Privacy

OCTOBER 26, 2016

On October 25, 2016, the Federal Trade Commission released a guide for businesses on how to handle and respond to data breaches (the “Guide”). The Guide also underscores the need for cyber-specific insurance to help offset potentially significant response costs.

Data breaches

Data breaches Insurance Cybersecurity Security

Eleventh Circuit Vacates FTC Data Security Order

Hunton Privacy

JUNE 8, 2018

Court of Appeals for the Eleventh Circuit vacated a 2016 Federal Trade Commission (“FTC”) order compelling LabMD to implement a “comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers.”

Security

Security Information Security Insurance Risk

Georgia Governor Vetoes Broad-Reaching Computer Crime Bill, Highlighting Debate Around Bug Bounty Programs

Data Matters

MAY 17, 2018

SB 315 faced opposition from both private companies and information security researchers. Senate subcommittee on consumer protection, product safety, insurance, and data security to question Uber’s chief information security officer about its bug bounty program and its reported $100,000 payment to the intruders.

Systems administration

Systems administration Information Security Cybersecurity Access

How are the EU member states progressing in their implementation of the NIS Directive?

IT Governance

APRIL 10, 2019

On 6 July 2016, the EU officially adopted the NIS Directive (Directive on security of network and information systems) and gave each EU member state just under two years to implement its requirements into national law. Implementation status : Transposed, as IT Security Law. Implementation status : In progress.

Compliance

Compliance Information Security Government Insurance

French DPA Publishes a Compliance Pack Regarding Connected Vehicles

Hunton Privacy

OCTOBER 27, 2017

On October 17, 2017, the French Data Protection Authority (“CNIL”), after a consultation with multiple industry participants that was launched on March 23, 2016, published its compliance pack on connected vehicles (the “Pack”) in line with its report of October 3, 2016. 3. “IN -> OUT -> IN” scenario.

Compliance

Compliance Data collection GDPR Insurance

Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws

Security Affairs

APRIL 26, 2021

A deep investigation on artifacts uploaded on VirusTotal allowed the experts to determine that the botnet may have been active at least since May 2016. Prometei has been observed to be active in systems across a variety of industries, including: Finance, Insurance, Retail, Manufacturing, Utilities, Travel, and Construction.”

Mining

Mining Retail Insurance Manufacturing

FTC Reverses ALJ Decision, Finds LabMD Liable for Unfair Data Security Practices

Hunton Privacy

AUGUST 2, 2016

On July 29, 2016, the Federal Trade Commission (“FTC”) announced that it had issued an opinion and final order concluding that LabMD, Inc. LabMD”) violated the unfairness prong of Section 5 of the FTC Act by failing to maintain reasonable security practices to protect consumers’ sensitive personal information.

Security

Security Insurance Information Security IT

Police Scotland needs to invest millions in cyber security

IT Governance

JUNE 28, 2018

Police Scotland had agreed to spend £46 million improving its computer systems in 2016 , but the plan was scrapped after a series of errors, including disagreements over the project’s timeframe and budget. Save money, because insurance agencies look favourably on organisations with Cyber Essentials certification.

Security

Security GDPR Insurance Government

Op Wocao – China-linked APT20 was able to bypass 2FA

Security Affairs

DECEMBER 23, 2019

China-linked cyber espionage group APT20 has been bypassing two-factor authentication (2FA) in recent attacks, cyber-security firm Fox-IT warns. Security experts from cyber-security firm Fox-IT warns of a new wave of attacks, tracked as Operation Wocao, carried out by China-linked cyber espionage group APT20 that has been bypassing 2FA.

Authentication

Authentication Insurance Access Government

Global Ransomware Attacks Raise Key Legal Considerations

Hunton Privacy

MAY 16, 2017

In a November 2016 blog entry , the FTC noted that “a business’ failure to secure its networks from ransomware can cause significant harm to the consumers (and employees) whose personal data is hacked. Data Security Laws. A number of U.S. As a general matter, these laws (such as Section 1798.81.5

Ransomware

Ransomware Insurance Access Information Security

New European Cyber Laws (NISD) – Do you understand the potential impact on your business?

CGI

JANUARY 22, 2016

Fri, 01/22/2016 - 04:18. This blog focuses on the new Network and Information Security Directive (NISD) which was agreed at the same time and also has significant implications for business. The likely implications will be: Organisations will need to be able to demonstrate that they have taken ‘appropriate security measures’.

Insurance

Insurance GDPR Personal data Marketing

Spotlight Podcast: Rethinking Your Third Party Cyber Risk Strategy

The Security Ledger

SEPTEMBER 11, 2019

Episode 158: How NotPetya has Insurers grappling with Systemic Cyber Risk Episode 159: Deep Fakes and Election (in)Security with ZeroFOX. That means that, for companies holding onto personally identifiable information, the cost of ignoring third party risk is growing. . Marriott acquired Starwood in 2016.)

Risk

Risk GDPR Data Privacy Personal data

OCR Enters into Record Settlement with Anthem

Hunton Privacy

OCTOBER 22, 2018

Three years ago, in February 2015, OCR opened a compliance review of Anthem, the nation’s second largest health insurer, following media reports that Anthem had suffered a significant cyberattack. million, which OCR imposed in 2016 against Advocate Health Care Network. prevent unauthorized access to ePHI.

Computer and Electronics

Computer and Electronics Passwords Data breaches Compliance

NHTSA Releases New Automobile Cybersecurity Best Practices

Hunton Privacy

OCTOBER 28, 2016

NHTSA also recommends the use of certain industry standards such as ISO 27000 series standards, and other best practices, such as the Center for Internet Security’s Critical Security Controls for Effective Cyber Defense. Comments are due on November 28, 2016.

Cybersecurity

Cybersecurity Energy and Utilities Manufacturing Insurance

HHS Announces HIPAA Settlement with UMass

Hunton Privacy

NOVEMBER 30, 2016

On November 22, 2016, the Department of Health and Human Services (“HHS”) announced a $650,000 settlement with University of Massachusetts Amherst (“UMass”), resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules. .

Computer and Electronics

Computer and Electronics Insurance Privacy Risk

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

It includes general, high level elements of a security program, but lacks detailed security steps. The proposed amendments follow the FTC’s receipt of public comments in 2016 regarding the Safeguards Rule as part of the FTC’s regular review cycle. Chief Information Security Officer (“CISO”). Board reporting.

Privacy

Privacy Risk Cybersecurity Information Security

Hunton & Williams Launches Cyber and Physical Security Task Force

Hunton Privacy

APRIL 8, 2016

Team helps companies devise legal strategies to enhance security and mitigate threat risk. On April 4, 2016, Hunton & Williams LLP announced the formation of a Cyber and Physical Security Task Force to assist companies in minimizing the risks and consequences of a serious security incident.

Security

Security Cybersecurity Risk Insurance

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

On November 9, 2016, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP and AvePoint released the results of a joint global survey launched in May 2016 concerning organizational preparedness for implementing the EU General Data Protection Regulation (“GDPR”).

GDPR

GDPR Data Privacy Compliance Privacy

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

national security interests and that third-party service providers that facilitate ransomware payments on behalf of a victim must consider and ensure compliance with OFAC regulations. December 2016: Evegeniy Mikhailovich Bogachev, creator of Cryptolocker. Since 2015, the U.S. Notable sanctions designations include.

Ransomware

Ransomware Compliance Risk Government

The Problem With the Small Business Cybersecurity Assistance Act

Security Affairs

JULY 18, 2019

In 2016, companies with fewer than 100 employees made up 33.4% It could be fairly useful to educate small business owners on the security best practices these third parties should follow in their operations — either by law or according to common sense. It’s as bipartisan a bill as the U.S. In contrast, the U.S. of the U.S.

Cybersecurity

Cybersecurity Education Government Risk

HHS Announces Settlements with Health Care System and Medical Research Institute over Potential HIPAA Violations

Hunton Privacy

MARCH 22, 2016

On March 16, 2016, and March 17, 2016, respectively, the Department of Health and Human Services (“HHS”) announced resolution agreements with North Memorial Health Care of Minnesota (“North Memorial”) and The Feinstein Institute for Medical Research (“Feinstein Institute”) over potential violations of the HIPAA Privacy Rule.

Computer and Electronics

Computer and Electronics Risk Passwords Privacy

FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

Hunton Privacy

JANUARY 13, 2016

On January 5, 2016, the Federal Trade Commission announced that dental office management software provider, Henry Schein Practice Solutions, Inc. Schein”), agreed to settle FTC charges that accused the company of falsely advertising the level of encryption it used to protect patient data.

Encryption

Encryption Insurance Data breaches Privacy

Insurance Occurrence Assurance?

Andrew Hay

JULY 26, 2018

Though the breaches are concerning, the real story is that the financial institution suing its insurance provider for refusing to fully cover the losses. According to the lawsuit, in June 2018 Everest determined both the 2016 and 2017 breaches were covered exclusively by the debit card rider, and not the $8 million C&E rider.

Insurance

Insurance Computer and Electronics Information Security Security

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

insurance giant Beazley Worldwide reported that the average ransomware demand in 2018 was more than $116,000, a figure admittedly skewed by some very large demands. “All we know is MONEY! Tik Tak, Tik Tak, Tik Tak!” The attackers demanded $76,000, paid in Bitcoin, for a decryption key. A poll of IT pros in the U.S., The median was $10,310.

Ransomware

Ransomware Access Cybersecurity Insurance

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk. Principle 2. Principle 3.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Survey Says…Cybersecurity Remains A Critical Challenge For Business

Privacy and Cybersecurity Law

MARCH 23, 2018

23% of respondents say they do not currently have a CISO or security leader. ” A prior IBM Study on the cost of data breaches found, using a sample of 419 companies in 13 countries and regions, that 47% of data breach incidents in 2016 involved a malicious or criminal attack, 25% were due to negligent employees or contractors (i.e.,

Cybersecurity

Cybersecurity Data breaches Artificial Intelligence IoT

Cybersecurity in the boardroom: 7 steps to improve cyber governance

CGI

JUNE 15, 2016

Wed, 06/15/2016 - 08:45. This flagship research surveyed 150 C-level and boardroom business leaders from the UK’s largest companies (1,000+ employees) across the commercial sectors of retail, banking, insurance, utilities and telco. Less than half of UK boardrooms are confident in the IT security advice they receive today.

Cybersecurity

Cybersecurity Government Retail Insurance

Cybersecurity in the boardroom: 7 steps to improve cyber governance

CGI

JUNE 14, 2016

Tue, 06/14/2016 - 08:00. This flagship research surveyed 150 C-level and boardroom business leaders from the UK’s largest companies (1,000+ employees) across the commercial sectors of retail, banking, insurance, utilities and telco. Less than half of UK boardrooms are confident in the IT security advice they receive today.

Cybersecurity

Cybersecurity Government Retail Insurance

The Hacker Mind Podcast: Tib3rius

ForAllSecure

JANUARY 11, 2023

Tib3rius from White Oak Security discusses his experience as a web application security pen tester, his OSCP certification, and how he’s giving back to the community with his Twitch , Youtube , and tools he's made available on GitHub. You don’t. In fact, the word “hack” simply means to take things apart.

IT

IT Security Access Education

Q&A: NIST’s new ‘Enterprise Risk Management’ guidelines push cyber risks to board level

The Last Watchdog

JUNE 1, 2020

I think the whole digital age came upon us so quickly, so easily, so pleasantly and so profitably that we simply missed the security downside at first. Most people thought since operating the system was so easy, securing the system must be simple too. Consumers chose to value convenience over security.

Risk

Risk Insurance Cybersecurity Marketing

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. With evolving attack methodologies due to machine learning, quantum computing, and sophisticated nation-state hackers, security startups are receiving record funding.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

France data protection agency fines Uber 400k Euros Over 2016 Data Breach

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Webinars

Trending Sources

Insurers’ role will be critical in improving cybersecurity standards

Webinars

FIN8 group used a previously undetected Sardonic backdoor in a recent attack

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

Why Cybersecurity Pros Should Care About Governance

Court Rules Fraud Involving a Computer Is Not ‘Computer Fraud’ under Crime Protection Policy

FTC Issues Guide for Businesses on Handling Data Breaches

Eleventh Circuit Vacates FTC Data Security Order

Georgia Governor Vetoes Broad-Reaching Computer Crime Bill, Highlighting Debate Around Bug Bounty Programs

How are the EU member states progressing in their implementation of the NIS Directive?

French DPA Publishes a Compliance Pack Regarding Connected Vehicles

Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws

FTC Reverses ALJ Decision, Finds LabMD Liable for Unfair Data Security Practices

Police Scotland needs to invest millions in cyber security

Op Wocao – China-linked APT20 was able to bypass 2FA

Global Ransomware Attacks Raise Key Legal Considerations

New European Cyber Laws (NISD) – Do you understand the potential impact on your business?

Spotlight Podcast: Rethinking Your Third Party Cyber Risk Strategy

OCR Enters into Record Settlement with Anthem

NHTSA Releases New Automobile Cybersecurity Best Practices

HHS Announces HIPAA Settlement with UMass

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

Hunton & Williams Launches Cyber and Physical Security Task Force

CIPL and AvePoint Release Global GDPR Readiness Report

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

The Problem With the Small Business Cybersecurity Assistance Act

HHS Announces Settlements with Health Care System and Medical Research Institute over Potential HIPAA Violations

FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

Insurance Occurrence Assurance?

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Survey Says…Cybersecurity Remains A Critical Challenge For Business

Cybersecurity in the boardroom: 7 steps to improve cyber governance

Cybersecurity in the boardroom: 7 steps to improve cyber governance

The Hacker Mind Podcast: Tib3rius

Q&A: NIST’s new ‘Enterprise Risk Management’ guidelines push cyber risks to board level

Top Cybersecurity Startups to Watch in 2022

Stay Connected