In recognizing the growing impact of third-party risks on operational resilience, the Prudential Regulation Authority (PRA) has established new regulatory requirements in the areas of third-party risk management and outsourcing. The details were published in a Supervisory Statement that has been put into effect since March 2022.
The Australian Cyber and Infrastructure Security Centre (CISC) recently announced that the Critical Infrastructure Risk Management Program (CIRMP) obligation had entered into effect. The Minister for Home Affairs, the Hon Clare O’Neil, signed the CIRMP Rules as the final part (Section 61) of the Security of Critical Infrastructure Act 2018 (SOCI Act) on 17 February 2023, effective immediately.
Nearly 93% of healthcare organizations experienced a data breach in the last three years, and most of these events could have been avoided with basic cybersecurity practices. To help healthcare entities mitigate cybersecurity risks and increase their data breach resilience, we’ve created a comprehensive healthcare cybersecurity guide optimized for the biggest security threats in the industry.
On November 30, 2022, ChatGPT quaked the digital world, sending a tremor that even rattled the cybersecurity industry. Instead of responding in panic, a more sensible approach is to begin learning how to leverage the technology to streamline your workflow and optimize your skills. In this post, we explain how ChatGPT can be used to improve your cybersecurity posture and data breach resilience.
In February 2021, UpGuard researchers discovered that 51% of analyzed Fortune 500 companies were leaking information in the metadata of public documents hosted on their websites. This discovery is a window into a broader overlooked cyber threat category, increasing the risk of data breaches in the tech industry - data leaks. Data leaks (often confused with data breaches) help hackers compress the data breach attack pathway, increasing the speed, severity, and frequency of these events.
The upcoming Digital India Act (or Digital India Bill) is expected to be India’s newest legislation and legal framework for regulating the country’s online environment and digital data protection policies. The Digital India Act will fully replace the current Information Technology Act (IT Act) of 2000 by early 2023, which has faced criticisms for its outdated policies and inadequacies in dealing with modern-day technological issues.
The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022 is a US federal law that requires all critical infrastructure entities to report any cybersecurity incidents or ransomware attacks to the Cybersecurity and Infrastructure Security Agency (CISA) within a specified timeframe.
FERPA (the Family Educational Rights and Privacy Act) is a United States federal law protecting the privacy of student education records, more specifically governing access from public entities, such as employers, public schools, and foreign governments.
The HECVAT (Higher Education Community Vendor Assessment Toolkit) was developed by the Higher Education Information Security Council (HEISC) as an initiative to help higher education institutions better protect their data, prevent the risk of data breaches, and measure the cyber risk of third-party solution providers.
A regulation is a government-enforced set of security guidelines an organization must follow to increase its cybersecurity standards. A cybersecurity framework, on the other hand, is a set of guides helping organizations improve their security posture.
