Archives: Cybersecurity


Data Privacy or Cybersecurity: Which is More Important?

To any good lawyer, the answer is ‘both’ are important.  However, most in-house counsel know the answer is which receives the limited available budget.  Compliance budgets usually follow the greatest risks for the company.  Therefore, in Europe, where the EU’s General Data Protection Regulation is the scariest new compliance issue, it stands to reason that … Continue Reading

California Passes First Cybersecurity Law Regulating IoT Devices

California has become the first state in the US to adopt a cybersecurity law governing Internet of Things (IoT) devices, or those capable of connecting to the internet. In this rapidly growing industry, the law is a first step toward developing regulations to improve the security of IoT.  While it does require manufacturers to equip … Continue Reading

SEC Fines Yahoo $35 Million for Misleading Investors by Failing to Disclose Cybersecurity Breach

In a first of its kind, the SEC recently fined Yahoo US$35 million for failing to assess and disclose a 2014 data breach that affected over 500 million user accounts. What caused the SEC to charge Yahoo with cybersecurity-related disclosure violations?  Our colleagues Tara Swaminatha and Coates Lear have prepared an analysis of this enforcement action, including … Continue Reading

Emerging Technologies and Cybersecurity

Ann LaFrance has published an article in this month’s Cyber Security Practitioner on a recent report by the European Union Agency for Network and Information Security on cybersecurity issues in relation to emerging technologies, including: the Internet of Things (IoT); autonomous systems (e.g., vehicles); next-generation virtualized infrastructures (e.g., software-defined networks and 5G); upcoming societal challenges … Continue Reading

Federal Financial Institutions Examination Council Cautions Companies Not to Over-Rely On Cyber Insurance in Lieu of Robust Security Controls

In a Joint Statement issued this week, the Federal Financial Institutions Examination Council (“FFIEC”) – which comprises the principals of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee – cautioned the … Continue Reading

Alternative Communications Planning and Cybersecurity Incident Response

In her fourth installment of “Cybersecurity Law” for CSO, Tara Swaminatha focuses on communications planning as part of an incident response plan (IR). Many companies are now rightfully revisiting their IR protocols to prepare themselves for future attacks. More and more regulatory requirements dictate that organizations must have a written IR plan. While an IR plan … Continue Reading

The CLOUD Act, Part 2

On March 22, 2018, our readers were directed to a post published on our sister Anticorruption Blog which discussed the then-proposed CLOUD Act. The act was signed into law as part of the Omnibus Spending Bill on March 23, 2018. In Part 2 of her article, Ericka Johnson focuses on The … Continue Reading

Supreme Court Hears Arguments on Cloud Security

On February 27, 2018 the Supreme Court heard arguments surrounding the privacy of data stored abroad and the reach of U.S. search warrants to retrieve such data.  While the Supreme Court decides the merits of United States v. Microsoft, Congress will debate on overhauling the Stored Communications Act (“SCA”) to reflect technological advances that were … Continue Reading

SEC Emphasizes Cybersecurity as a Focus Area for the Coming Year

Last week, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations released its enforcement priorities for 2018. Making the list for the fifth year in a row, cybersecurity was emphasized as a focus for the SEC in the coming year. In a recent post on Squire Patton Boggs’ anticorruption blog, Coates Lear, Tara Swaminatha, … Continue Reading

A Week Later, Early Predictions about Meltdown and Spectre Largely Hold True

The two attacks affect nearly 90 percent of the world’s computers. Recent reports suggest that computers – personal, business, and cellular alike – are susceptible to two newly discovered major security flaws. These flaws, colloquially known as “Meltdown” and “Spectre,” could open the door for hackers to access the contents of almost any computer. Meltdown … Continue Reading

A New French Scientific Committee For Cybersecurity of Medical Device Software

The French National Agency for Safety of Medicines and Health Products (Agence nationale de sécurité du médicament et des produits de santé, or ANSM) announced on its website in October 2017 the creation of a “temporary specialized scientific committee” (comité scientifique spécialisé temporaire, CSST) on the cybersecurity of medical device software. … Continue Reading

“Bug Bounty” Programs – US DOJ’s Guidance

These days, organizations (including the U.S. Air Force) have been turning to third parties to help hunt for security weaknesses (under “bug bounty” programs) in company software and applications. In July 2017, the Department of Justice released guidance for a structured program (entitled, A Framework for a Vulnerability Disclosure Program for Online Systems) designed to … Continue Reading