Risk Management

Tips for Managing Third-Party Risk in Health Care

The healthcare industry possesses the crown jewels that the bulk of attackers are after: Personally Identifiable Information (PII). Data has become the new currency in the digital underground, consisting primarily of social security numbers, credit card information, health information, and passwords.

7 Pandemic Risk Management Tips to Implement Now

As COVID-19 continues to spread worldwide, not only disrupting health and life but also business continuity up and down the supply chain, economic and cyber risk have taken on pandemic proportions, as well. Many enterprises are struggling just to keep essential services functioning as they send employees home to work with new, hastily procured technologies. At the same time, they’re battling a surge in cybercrime by threat actors seeking to take advantage of the chaos.

The Difference Between Vulnerability Assessment and Vulnerability Management

In today’s constantly evolving cybersecurity threat landscape, you have to do everything possible and then some to protect your critical data assets. Performing a vulnerability assessment and implementing a vulnerability management program can help your organization effectively deal with cybersecurity vulnerabilities. However, it’s important to understand the difference between vulnerability assessment and vulnerability management.

What Compliance Lessons Can We Learn From Past Pandemics?

COVID-19 has us reeling from health, social, and economic shocks, but this isn’t our first global crisis. It is, however, the first in which cybercrime plays a starring role. The world has faced several pandemics in the past 100 years—several influenza pandemics including swine flu (H1N1) and avian, or bird, flu, and HIV/AIDS—as well as economic depression and a number of recessions.

FCPA Compliance Checklist

An FCPA compliance program checklist outlines the things an American company needs to check when it wants to do business in a foreign country to ensure it follows the guidelines of the U.S. Foreign Corrupt Practices Act (FCPA) of 1977. The FCPA is a federal law that aims to prevent all U.S. companies and their officers, directors, employees, and agents from making corrupt payments to foreign government officials to retain or obtain business.

RiskIQ vs. UpGuard Comparison

Cyber attacks, misconfiguration, and data leaks are more common than ever before, as are cybercriminals. Our news cycle is full of first- and third-party data breaches that expose the protected health information (PHI) and personally identifiable information (PII) of thousands or even hundreds of millions of people. Not only are data breaches more common, but they're also more costly. The average cost of a data breach is now nearly $4 million globally.

NormShield vs. SecurityScorecard Comparison

The average cost of a data breach is now nearly $4 million, and the unfortunate truth is that third parties are a significant source of cyber risk. These increasing costs are why cybersecurity vendor risk management (VRM) is a top priority for CISOs, Vice Presidents of Security, and other members of senior management, even at the Board level. In addition to financial costs, regulatory and reputational costs are increasing.

What is NIST Special Publication 800-37 Revision 2?

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 revision 2 is titled "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy." NIST SP 800-37 rev 2 was published in December of 2018 and describes the Risk Management Framework (RMF) and guidelines on how to apply RMF to information systems.