European Commission proposes reinforcement of EU Cybersecurity rules

DLA Piper Privacy Matters

On 16 December 2020, the European Commission adopted a proposal for a Directive on measures for a high common level of cybersecurity across the Union (“NIS II Directive”) that revises the current Directive on Security of Network and Information Systems (“NIS Directive”).

The Race is On! Crypto Agility vs Quantum Computing. Who is ahead?

Thales eSecurity

Preparing for Data Security in the Quantum Computing Era. Each passing day brings the world closer to the exciting reality of powerful quantum computing. Weather prediction, air traffic control, urban planning, defense strategies, medical research and so much more will be affected by the new era of computing power in ways we can’t even yet predict. Quantum computing is a threat to public key infrastructure and security systems that rely on it.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Supreme Court of Pennsylvania Ruling on Common Law Duty to Protect Electronic Employee Data

Hunton Privacy

The case arose from a data breach in which criminals accessed UPMC’s computer systems and stole the personal and financial information of 62,000 current and former UPMC employees. The court held that: (1) an employer has a duty under Pennsylvania common law to use reasonable care to safeguard its employees’ sensitive personal information that it stores on Internet-accessible computer systems; and (2) Pennsylvania’s economic loss doctrine did not bar the plaintiffs’ negligence claim.

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” In addition, the state is home to 16 nationally designated cybersecurity Centers of Excellence and a state university and college system that graduates more cyber-degreed engineers than any other state. According to Cybersecurity Ventures, there will be 3.5

Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack

Hunton Privacy

State Auto Property and Casualty Insurance Company , finding coverage for a cyber attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack. National Ink’s server and networked computers experienced a ransomware attack, which prevented National Ink from accessing the logos, designs and software that are stored on these servers.

According to the ABA, Lawyers are “Failing at Cybersecurity”: Cybersecurity Trends

eDiscovery Daily

In these days of increased data privacy emphasis with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), how are lawyers doing with regard to cybersecurity within their firms? According to the American Bar Association Legal Technology Resource Center’s ABA TechReport 2019, they are “failing at cybersecurity”. Articles on cloud computing , cybersecurity and websites and marketing were released free online.

The US Capitol Riot is a National Cybersecurity Emergency

Adam Levin

The rioting in the Capitol gives rise to cybersecurity issues as well as some basic concern regarding traditional modes of spying. This would include communications wiring, the planting of video, audio or network hacking devices as well as other electronic surveillance technology.

Friday the 13th is Unlucky for the City of New Orleans. Almost. Maybe.: Cybersecurity Trends

eDiscovery Daily

In Friday’s post about Norton Rose Fulbright’s 2019 Litigation Trends Annual Survey , one of the most notable trends was that 44 percent of corporate respondents identified Cybersecurity/data privacy as the most likely new source of dispute for their business on the horizon, which was more than four times the next likely sources. Cybersecurity is also a big challenge for municipalities as we saw on Friday. Cybersecurity Trends appeared first on CloudNine.

How To Build A Cybersecurity Career | What Really Matters

Cyber Info Veritas

The lack of qualified cybersecurity professionals is one of the main reasons why we are yet unable to get a handle on cybercrimes. By having more cybersecurity professionals, we can enhance security. Compounding this is the fact that most cybersecurity graduates are millennials who want to create something of their own. The survey concluded that 42 is the average age of a cybersecurity professional. CATEGORIES Professional Analysis cybersecurity career

What’s a Lawyer’s Duty When a Data Breach Occurs within the Law Firm: Cybersecurity Best Practices

eDiscovery Daily

Right inside the door, you see a handwritten notice on a big whiteboard which says: All network services are down, DO NOT turn on your computers! Finding this odd, you turn to your firm receptionist who tells you that the firm was hit with a ransomware attack overnight, and that if you turn on your computer all of your files will be immediately encrypted, subject to a bitcoin ransom.”. Electronic Discovery Security

Spotlight Podcast: At 15 Cybersecurity Awareness Month Grows with Cyber Risk

The Security Ledger

In this Spotlight Podcast, sponsored by RSA: October is Cybersecurity Awareness Month. But what does that mean in an era when concerns about cybersecurity permeate every facet of our personal and professional lives? Russ Schrader of the National Cybersecurity Alliance (NCSA) and Angel Grant of RSA join us to discuss the history of Cybersecurity. » Related Stories Spotlight Podcast: 15 Years Later Is Cybersecurity Awareness Month Working?

On Blockchain Voting

Schneier on Security

While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures.Online voting may seem appealing: voting from a computer or smart phone may seem convenient and accessible.

An Early Recap of Privacy in 2020: A US Perspective

Data Matters

*This article was adapted from “Global Overview,” appearing in The Privacy, Data Protection and Cybersecurity Law Review (7th Ed. The CJEU did not so much as ask whether any EU member state has an oversight body to examine and judge the privacy or civil rights implications of electronic surveillance the way PCLOB and Foreign Intelligence Surveillance Court do — with full national security clearance to access the deepest secrets of signals intelligence.

Is Blockchain as Secure as People Think? Maybe Not: Cybersecurity Best Practices

eDiscovery Daily

One advantage that a lot of people have been saying about blockchain is the idea that it’s essentially “unhackable” from a cybersecurity standpoint. An attacker had somehow gained control of more than half of the network’s computing power and was using it to rewrite the transaction history. Maybe Not: Cybersecurity Best Practices appeared first on CloudNine. Blockchain Electronic Discovery Security

First Ever Multi-State Data Breach Lawsuit Targets Healthcare Provider: Cybersecurity Trends

eDiscovery Daily

The lawsuit alleges that Fort Wayne-based Medical Informatics Engineering and its subsidiary NoMoreClipboard “failed to take adequate and reasonable measures to ensure their computer systems were protected,” resulting in a 2015 breach that gave hackers access to the personal healthcare information of 3.9 The post First Ever Multi-State Data Breach Lawsuit Targets Healthcare Provider: Cybersecurity Trends appeared first on CloudNine. Electronic Discovery Privacy Security

Hong Kong Regulator Imposes New Conditions to Regulate Outsourcing Arrangements for Cloud Storage

Data Matters

The Securities and Futures Commission of Hong Kong (SFC) issued new guidance to regulate the use of external electronic data storage providers (EDSPs 1 ) by licensed firms that intend to keep (or have previously kept) records or documents required to be maintained pursuant to the statutory recordkeeping rules and anti-money-laundering regime (Regulatory Records) in an online environment. 2 Circular to Licensed Corporations – Use of external electronic data storage (October 31, 2019).

FERC Proposes to Adopt Reliability Standards Designed to Mitigate Cybersecurity Risk

Hunton Privacy

On January 18, 2018, the Federal Energy Regulatory Commission (“FERC”) issued a Notice of Proposed Rulemaking (“NOPR”) that proposes the adoption of new mandatory Reliability Standards designed to mitigate cybersecurity risk in the supply chain for electric grid-related cyber systems. 829 , which ordered the development of standards to address supply chain risk management for industrial control system hardware, software and computing and networking services.

Midterm Election Security: Why Patching Is a Critical Issue

Data Breach Today

Many of the computer devices to be used for electronic voting in November's midterm elections have unpatched older operating systems that make them vulnerable, says Darien Kindlund, a data scientist at the cybersecurity firm Insight Engines, which advises governments and others

Uber’s Response to Data Breach? Pay the Hackers to Keep Quiet About It: Cybersecurity Trends

eDiscovery Daily

According to Bloomberg, the breach occurred when two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. Pay the Hackers to Keep Quiet About It: Cybersecurity Trends appeared first on CloudNine. Electronic Discovery Privacy Security

Fund Managers Targeted in Sophisticated Cyberattacks

Data Matters

investment management firms examined did not conduct periodic risk assessments of critical systems to identify cybersecurity threats, vulnerabilities and their potential business consequences. For remote access to emails, trading systems and other electronic data containing confidential information, the authentication mechanism should utilize at least two of the following factors: what a person knows (e.g.,

Fund Managers Targeted in Sophisticated Cyberattacks

Data Matters

investment management firms examined did not conduct periodic risk assessments of critical systems to identify cybersecurity threats, vulnerabilities and their potential business consequences. For remote access to emails, trading systems and other electronic data containing confidential information, the authentication mechanism should utilize at least two of the following factors: what a person knows (e.g.,

Fired IT Guy Deleted 23 of His Ex-Employer’s AWS Servers: Cybersecurity Trends

eDiscovery Daily

When it comes to data breaches and other cybersecurity threats, many people discuss the threats from outside hackers. Needham pleaded not guilty to two charges of the Computer Misuse Act – one count of unauthorized access to computer material and one count of unauthorized modification of computer material – but was convicted in January 2019. The post Fired IT Guy Deleted 23 of His Ex-Employer’s AWS Servers: Cybersecurity Trends appeared first on CloudNine.

University, Professional Certification or Direct Experience?

Security Affairs

Would it be better a university course , a professional certification or an experience in a cybersecurity firm? Today I’d like to share a simple and personal thought about teaching models on cybersecurity. Quite often students ask me how to improve their technical skills and the most common question is: “would it be better an university course a professional certification or getting directly on the field working in a Cybersecurity company ?”. How to improve technical skills?

White House Proposes Cybersecurity Legislation

Hunton Privacy

As we reported last week , on May 12, 2011, the Obama administration announced a comprehensive cybersecurity legislative proposal in a letter to Congress. The proposal, which is the culmination of two years of work by an interagency team made up of representatives from multiple departments and agencies, aims to improve the nation’s cybersecurity and protect critical infrastructure. Cybersecurity Information Security Online Privacy Security Breach U.S.

Leaked Memo Warns of Poor Cybersecurity in White House

Adam Levin

A leaked memo from the Office of the Chief Information Security Officer (OCISO) delivered alarming news about the state of cybersecurity at the White House. Acquired and published online by Axios, the memo was included in a resignation letter from Branch Chief of White House Computer Network Defense Dimitrios Vastakis. Other former cybersecurity officials for the White House have expressed similar concerns and misgivings with the current administration’s cyber policies.

Amicus Brief on CFAA

Adam Shostack

The EFF has filed an amicus brief on the Computer Fraud and Abuse Act: Washington, D.C.—The The Electronic Frontier Foundation (EFF) and leading cybersecurity experts today urged the Supreme Court to rein in the scope of the Computer Fraud and Abuse Act (CFAA)—and protect the security research we all rely on to keep us safe—by holding that accessing computers in ways that violate terms of service (TOS) does not violate the law.

OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials

Hunton Privacy

Department of Health and Human Services’ Office for Civil Rights (“OCR”) and the Health Care Industry Cybersecurity Task Force (the “Task Force”) have published important materials addressing cybersecurity in the health care industry. The Task Force’s report notes that “health care cybersecurity is a key public health concern that needs immediate and aggressive attention” and identifies six key imperatives for the health care industry. The U.S.

Why Are Businesses Opting for Edge, AI, and IoT – and Are They Wise to Do So?

ARMA International

Edge computing is increasingly associated with at least two “trending” terms in the IT and information arenas: Internet of Things (IoT) and artificial intelligence (AI). Broadly speaking, the term refers to computing that’s done at or near the source of the data. These great distances can result in delays in computing, which can impact an organization’s capacity to optimally analyze and leverage its data.

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

Krebs on Security

Nevertheless, cybersecurity incident response firm Mandiant today released a list of domains and Internet addresses used by Ryuk in previous attacks throughout 2020 and up to the present day. based Sky Lakes Medical Center’s computer systems. Lawrence Health System led to computer infections at Caton-Potsdam, Messena and Gouverneur hospitals. On Monday, Oct.

Does Your Business Depend on Stronger Election Security?

Adam Levin

Add state-wide reports of technical glitches and errors with the least cyber-secure variety of voting machine (direct recording electronic voting machines have no paper trail) and Kemp’s own unsubstantiated accusations of Democratic hacking of the voter database, and it’s likely that a sizable portion of the population will view either outcome as being illegitimate. We all have a lot of catching up to do when it comes to cybersecurity.

FERC Approves NERC’s Supply Chain Risk Management Reliability Standards and Directs NERC to Expand Their Scope

Data Matters

A string of Governmental announcements have increasingly sounded the alarm about the growing cybersecurity threat facing the energy sector. Against this backdrop, it is unsurprising that energy regulators have increasingly focused their attention on cybersecurity issues. Cybersecurity Enforcement Information Security National Security Policy

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. According to the complaint, over a period of 19 days, hackers were able to infiltrate the Company’s computer systems. Cybersecurity Data Breaches Data Security Enforcement Health Privacy HIPAA

My Love for What I Do: eDiscovery Love Story

eDiscovery Daily

I once wrote an article about CAR systems back in the mid-80s – Computer Assisted (microfilm) Retrieval (good luck finding that article today) – and it seemed like the wave of the future back then. Now, because of the blog, I am forced to keep up with trends and that has paid considerable dividends in keeping me informed regarding trends in eDiscovery, cybersecurity and data privacy. Electronic Discovery Industry TrendsIt’s Valentine’s Day!

STEPS FORWARD: Math geniuses strive to make a pivotal advance — by obfuscating software code

The Last Watchdog

Related: How Multi Party Computation is disrupting encrypti on An accomplished violinist, Einstein, no doubt, appreciated the symmetry of his metaphor. Our top math geniuses point to iO as a cornerstone needed to unleash the full potential of artificially intelligent (AI) programs running across highly complex and dynamic cloud platforms, soon to be powered by quantum computers. Allen School of Computer Science & Engineering — puts us one step closer to a working iO prototype.

Today is the Day to “Master” Your Knowledge of eDiscovery in Washington DC for 2018: eDiscovery Trends

eDiscovery Daily

This year’s Washington DC event includes nearly two days of educational sessions covers topics ranging from privacy to cybersecurity to social media to cloud computing. I will be moderating a panel of eDiscovery experts that includes Mike Quartararo , Founder and Managing director of eDPM Advisory Services and author of the 2016 book Project Management in Electronic Discovery; Robert D. Electronic Discovery Industry Trends Information GovernanceIt’s here!

Amid Growing Threats, White House Dismantles Top Cybersecurity Post

Data Matters

On May 15, 2018, various media outlets reported that the Trump administration decided to eliminate the position of White House Cybersecurity Coordinator. Warner (D-VA) who called the move “mindboggling” and cybersecurity expert Bruce Schneier, who called it “a spectacularly bad idea.”. The position was established nine years ago to provide presidential engagement and Executive Branch coordination on cybersecurity. Cybersecurity National Security Policy

TA505 Cybercrime targets system integrator companies

Security Affairs

I am a computer security scientist with an intensive hacking background. I do have a MD in computer engineering and a PhD on computer security from University of Bologna. During my PhD program I worked for US Government (@ National Institute of Standards and Technology, Security Division) where I did intensive researches in Malware evasion techniques and penetration testing of electronic voting systems.

“Master” Your Knowledge of eDiscovery With This Conference in Washington DC Again This Year: eDiscovery Trends

eDiscovery Daily

This year’s Washington DC event includes nearly two days of educational sessions covers topics ranging from privacy to cybersecurity to social media to cloud computing. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data. It’s October!

Off the Record: Ransomware Threats and RM Modernization, Apple Promotes Access and Washington Denies Access

The Texas Record

The city of Atlanta was recently hit with a hacking attack that took control of much of the city’s computer network and this type of event is not a one off. Cybersecurity experts say it’s “a reason to worry,” especially for bigger cities, such as Austin, Texas. Links Access Cartoon electronic records ERMS Health Information Humor Off the Record Open Records Public Records RIM Month

STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

The Last Watchdog

When it comes to securing mobile computing devices, the big challenge businesses have long grappled with is how to protect company assets while at the same time respecting an individual’s privacy. In May 2017, the Saudi Arabian Monetary Authority (SAMA) implemented its Cyber Security Framework mandating prescriptive measures, including a requirement to containerize data in all computing formats.

MDM 130