Higher education institutions are a growing target for cybercriminals due to the high volume of sensitive information and data they collect and use. From enrollment to matriculation, colleges and universities utilize student data for everything from financial aid packages to determining eligibility for coursework. According to a report by Check Point Research, the education sector (specifically higher education) has experienced significantly more cyber attacks than any other industry in recent years.

The EU Cyber Diplomacy Toolbox is a framework developed by the European Union to enhance its ability to prevent, deter, and respond to malicious cyber activities that may threaten its external security. The European Commission adopted the Toolbox in 2017 as part of the EU's broader strategy to promote a global, open, stable, and secure cyberspace.

The Utah State government passed the Utah Consumer Privacy Act (UCPA) in March 2022, scheduling the law to go into effect on December 31, 2023. Utah is the fourth state in the United States to pass a state privacy law. Compared to preceding US privacy laws, such as the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and Colorado Privacy Act (CPA), the UCPA has a narrower scope, making the law more friendly to businesses and data controllers.

There’s one major between organizations that fall victim to a data breach and those that don’t - attack surface awareness. Even between those who have implemented an attack surface management solution and those who haven’t, the more successful the cybersecurity programs more likely to defend against a greater scope of cyber threats are those with greater attack surface visibility.

In January 2023, the European Commission (EC) released an updated version of the European Union (EU) Network and Information Security Directive (NIS2) to strengthen cybersecurity risk management across Europe’s essential services. NIS2 updates the original NIS directive and focuses more on regulations for cloud infrastructure, internet exchanges, domain service providers, and digital service providers.

The Critical Entities Resilience (CER) Directive is a new initiative in the EU that aims to ensure that critical entities providing essential services are effectively managing their network and information security. The CER Directive is part of the EU’s latest effort to build stronger cyber resilience across Europe, alongside NIS2 and the EU Cyber Resilience Act.

The Connecticut State Government signed the Connecticut Data Privacy Act (CTDPA) into law on May 10, 2022, and the law became effective on July 1, 2023. The CTDPA joins the ranks of other US state privacy laws, like the California Consumer Privacy Act (CCPA) and the Colorado Privacy Act, providing Connecticut consumers with robust data privacy rights and protections.

The Oregon State Government passed Senate Bill 619, also known as the Oregon Consumer Privacy Act (OCPA), in July 2023. The OCPA will become effective on July 1, 2024, the same day the Texas Data Privacy and Security Act will also impose obligations on data controllers and processors. Oregon’s privacy legislation follows the structure of several other US data privacy laws, including the Colorado Privacy Act, the Virginia Consumer Data Protection Act, and the Montana Consumer Privacy Act.

The EU Digital Single Market Strategy (DSM Strategy) is a comprehensive initiative launched by the European Union to enhance Europe’s digital economy and maximise its growth potential across member states. The strategy includes evolving policies and specific initiatives aimed at the digitalisation of the European Union and adapting it to the rapidly changing digital ecosystem.

Vendor risk assessments are critical for any organization that relies on third-party vendors. Third-party risk can negatively affect an organization’s security, compliance, and performance, resulting in devasting security breaches or disruptions in its supply chain that halt business operations. Organizations use vendor risk assessments to evaluate and manage third-party vendor risks associated with outsourcing business operations or procuring goods from external suppliers.