Cybersecurity
Cybersecurity is the practice of protecting data, software programs, systems, and networks from digital attacks. The purpose of cybersecurity is to defend those digital assets throughout the lifecycle of a threat and/or attack. Our cybersecurity blog posts and news articles are written for compliance officers, auditors, and legal professionals. They include expert insights, opinions, training opportunities, events, whitepapers, podcasts, and webinars.
So long as cryptocurrency remains largely unregulated in the U.S. and most of the rest of the world (and even once regulations proliferate), the industry must remain aggressive in planning for attacks. FTI Consulting’s Todd Renner, Adriana Prado and Preston...
Read more
An attitude of “productivity at all costs” gave employees a heightened level of control over their app choices in the early weeks and months of Covid-19. Now they don’t want to give that up. Matt Chiodi, technical adviser and chief...
Read more
“Alexa, how many execs and board members of U.S. companies have unsecured home networks and open ports on public IP addresses?” The answer is: way too many. Experts warn that the modern attack surface has expanded, and board members’ homes...
Read more
OneTrust has confirmed it’s laid off 950 employees, or about 25 percent of its workforce, as part of a reorganization despite record quarters and increasing customer demand. Some analysts predict rough times ahead for startups in the security space. One...
Read more
Understandably, most businesses prioritize compliance when it comes to security risks. But as KnowBe4 CEO Stu Sjouwerman explains, a compliance mindset can create a false sense of security in the world of cyber threats. Compliance is an ongoing business concern,...
Read more
Proposed rules relating to incident reporting aim to improve cybersecurity in public companies, but FTI Consulting’s Jordan Rae Kelly suggests the SEC's well-intentioned requirements could have unintended consequences. The SEC recently voted in favor of a proposal that would require...
Read more
Unauthorized use of unsecured business applications presents growing danger. So-called shadow IT presents GRC teams with the need to prevent end users from taking actions that while seemingly expedient, completely undermine otherwise robust cybersecurity and data protection measures. Let’s say...
Read more
As part of its ongoing commitment to cyber threat research, Kroll’s threat intelligence team looked at hundreds of real-life cyber incidents to determine how intrusions occur. Alan Brill, senior managing director of cyber risk at Kroll, explains what they’re seeing...
Read more
With increased scrutiny from a litany of regulators, cryptocurrency exchanges and financial institutions are now required to monitor, flag and report suspected ransomware payments. Doing so calls for a range of technological capabilities and a sophisticated approach to identifying suspicious...
Read more
Compliance teams could see an uptick in cybersecurity whistleblower complaints as regulators expand protections and incentives for those reporting data breaches, vulnerabilities or other cyber-related misconduct. But cybersecurity incident reports require special handling. Here’s how to prepare for the unique...
Read more
In 2016, hackers associated with the North Korean government almost made off with $1 billion from the Bank of Bangladesh. Cyber criminals were paying attention. In this excerpt from cybersecurity expert Jon DiMaggio’s upcoming book, the author runs down how...
Read more
Data anonymization techniques that maintain a 1:1 relationship between personal info and the people to whom they relate are appropriate in certain use cases. But depending on these techniques in live production environments leaves companies—along with their users and/or employees—vulnerable...
Read more
