In recent days, all eyes have been on the escalating tension between Iran and the US. While we wait and watch politics unfold, the Department of Homeland Security (DHS), New York’s Department of Financial Services and the Cybersecurity and Infrastructure Security Agency (CISA) have all issued notices concerning the heightened risk of an Iranian cyberattack. … Continue Reading
I was recently helping a client in Tokyo respond to a serious and sophisticated cyber breach where hackers executed a transfer of nearly US$1M out of the client’s Hong Kong bank account. In this instance, the hackers had hacked into the CEO’s cloud-based corporate e-mail account and had determined a way to create a transaction … Continue Reading
Cybersecurity awareness recently took center stage in the healthcare industry when the Department of Health and Human Services (HHS) issued comprehensive risk-prioritized cybersecurity best practices to combat top threats. HHS mapped this guidance to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, cross-referencing 88 individual sub-practices for healthcare organizations of all sizes. The … Continue Reading
To any good lawyer, the answer is ‘both’ are important. However, most in-house counsel know the answer is which receives the limited available budget. Compliance budgets usually follow the greatest risks for the company. Therefore, in Europe, where the EU’s General Data Protection Regulation is the scariest new compliance issue, it stands to reason that … Continue Reading
California has become the first state in the US to adopt a cybersecurity law governing Internet of Things (IoT) devices, or those capable of connecting to the internet. In this rapidly growing industry, the law is a first step toward developing regulations to improve the security of IoT. While it does require manufacturers to equip … Continue Reading
In a first of its kind, the SEC recently fined Yahoo US$35 million for failing to assess and disclose a 2014 data breach that affected over 500 million user accounts. What caused the SEC to charge Yahoo with cybersecurity-related disclosure violations? Our colleague Coates Lear has prepared an analysis of this enforcement action, including the post-breach information relayed … Continue Reading
Ann LaFrance has published an article in this month’s Cyber Security Practitioner on a recent report by the European Union Agency for Network and Information Security on cybersecurity issues in relation to emerging technologies, including: The Internet of Things (IoT) Autonomous systems (e.g., vehicles) Next-generation virtualized infrastructures (e.g., software-defined networks and 5G) Upcoming societal challenges … Continue Reading
In a Joint Statement issued this week, the Federal Financial Institutions Examination Council (“FFIEC”) – which comprises the principals of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee – cautioned the … Continue Reading
In her fourth installment of “Cybersecurity Law” for CSO, Tara Swaminatha focuses on communications planning as part of an incident response plan (IR). Many companies are now rightfully revisiting their IR protocols to prepare themselves for future attacks. More and more regulatory requirements dictate that organizations must have a written IR plan. While an IR plan … Continue Reading
Our March 22, 2018 our readers were directed to a post published on our sister Anticorruption Blog which discussed the at the time proposed The CLOUD Act. The act was signed into law as part of the Omnibus Spending Bill on March 23, 2018. In Part 2 of her article, Ericka Johnson focuses on The … Continue Reading
On February 27, 2018 the Supreme Court heard arguments surrounding the privacy of data stored abroad and the reach of U.S. search warrants to retrieve such data. While the Supreme Court decides the merits of United States v. Microsoft, Congress will debate on overhauling the Stored Communications Act (“SCA”) to reflect technological advances that were … Continue Reading
Last week, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations released its enforcement priorities for 2018. Making the list for the fifth year in a row, cybersecurity was emphasized as a focus for the SEC in the coming year. In a recent post on Squire Patton Boggs’ anticorruption blog, Coates Lear and Elizabeth Weil … Continue Reading
In her second installment of “Cybersecurity Law” for CSO, Tara Swaminatha considers the most noteworthy cybersecurity and data privacy-related cases and pieces of legislation in the year ahead.… Continue Reading
The two attacks affect nearly 90 percent of the world’s computers. Recent reports suggest that computers – personal, business, and cellular alike – are susceptible to two newly discovered major security flaws. These flaws, colloquially known as “Meltdown” and “Spectre,” could open the door for hackers to access the contents of almost any computer. Meltdown … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 11 December 2017.… Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 27 November 2017.… Continue Reading
The French National Agency for Safety of Medicines and Health Products (Agence nationale de sécurité du médicament et des produits de santé or ANSM) has announced on its website in October 2017 the creation of a “temporary specialized scientific committee” (comité scientifique spécialisé temporaire CSST) on the cybersecurity of medical device software.… Continue Reading
These days, organizations (including the U.S. Air Force) have been turning to third parties to help hunt for security weaknesses (under “bug bounty” programs) in company software and applications. In July 2017, the Department of Justice released guidance for a structured program (entitled, A Framework for a Vulnerability Disclosure Program for Online Systems) designed to … Continue Reading
