The European Union (EU) General Data Protection Regulation (GDPR) turns five this year. While the law spawned many imitators, most notably the California Consumer Privacy Act (CCPA), the GDPR remains the world’s most comprehensive, far-reaching data privacy law to date. It gave European citizens a wide swath of new data privacy rights, while placing significant new data governance responsibilities on organizations.

In today's hyper-connected world, most of us now take care of our daily tasks with the help of digital tools, which includes online banking. Whether we're reviewing our account balances, transferring money, applying for payment cards, or simply paying our bills, banking has become more digital, and requires financial firms to adapt to this new world of transacting business. This adaptation has seen EU-based financial firms adopting and relying more heavily on cloud services.

Security Information and Event Management (SIEM) systems are essential for protecting IBM AS400 systems in the financial industry. These systems are designed to collect, analyze and correlate log data from various sources, including servers, network devices, and applications, to identify security threats and compliance violations.

The California Privacy Rights Act (CPRA) is a privacy law that was passed in California in 2020. It strengthens the security standards of the California Consumer Privacy Act (CCPA), making California's consumer privacy laws more aligned with the General Data Protection Regulation (GDPR). The CCPA gives California residents the right to know what personal data is being collected by companies and whether it will be sold or disclosed to other parties.

The financial services industry has been a threat actor target since before digital transformation was even a term. Further, the financial services organizations find themselves continuously under scrutiny. As members of a highly regulated industry, these companies need to comply with various laws to ensure that they effectively protect sensitive data.

Regulatory demands now make an SBOM an essential in any organization. The Biden Administration released a memo in September 2022 that directs federal agencies to adopt guidelines from the National Institute of Standards and Technology (NIST) for securing software used by the federal government and attest to its security.

‍ Without a doubt, data privacy will be a much bigger focus for small- and medium-sized businesses in 2023, as the U.S. states of California, Colorado, Connecticut, Utah, and Virginia all enact stricter privacy legislation. Similarly, the Canadian province of Quebec is also in the process of updating its data privacy laws.

Governments, businesses, and society depend on reliable, functioning information and communication technology. However, increased severity of ransomware attacks and vulnerabilities in computer chips undermine these infrastructures. Further, as people adopt Internet of Things (IoT) devices, their inherent lack of security and ability to be aggregated into large, malicious bot networks increases these risks.

Almost every day we hear of another data breach. There has been no shortage of headline-hitting breaches here in Australia, such as Medibank and Optus. The old-school method of ransomware encrypting any data it has access to and requesting a ransom for the decryption key to restore data has evolved. It is now a more insidious and far-reaching problem involving bad actors exfiltrating data and requesting a ransom to keep from exposing that data publicly.