Security News
The Irish Data Protection Commission on Tuesday slapped Facebook and WhatsApp owner Meta Platforms with a fine of €17 million for a series of security lapses that occurred in violation of the European Union's GDPR laws in the region. "The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users' data, in the context of the twelve personal data breaches," the watchdog said in a press release.
The US Securities and Exchange Commission has proposed rule amendments to require publicly traded companies to report data breaches and other cybersecurity incidents within four days after they're discovered. According to newly proposed amendments to current rules, listed companies would have to provide information in periodic report filings on policies, implemented procedures, and the measures taken to identify and manage cybersecurity risks on Form 8-K. The amended rules would also instruct companies to provide updates regarding previously reported security breaches.
The study explores the extent to which organizations plan to prioritize endpoint security and management practices in order to combat the growing cyber threats facing the modern hybrid workforce. The report reveals that, despite the flood of devastating breaches and software vulnerabilities in 2021, few organizations are focused on enhancing their security posture and operational resilience.
Spirion released a guide which provides a detailed look at sensitive data breaches in 2021 derived from analysis conducted against the Identity Theft Resource Center database of publicly reported data breaches in the United States. 2021 was the most prolific year on record for data breaches, surpassing 2017's all-time high.
Imperva fellow explains why data privacy is about much more than breaches and just knowing where your data is. I could be a network firewall and say, "By protecting your network, I'm protecting your data. Therefore, I do data security." The same thing would be true of encryption or, even more specific, technologies like tokenization or pseudo-anonymization or all of these things to hide your data in certain ways, all of these are data security and trying to protect data.
ESG as a box-ticking exercise: 40% of risk professionals view their organization's current ESG strategy as a box-ticking exercise, rather than driving real impact. Risk at the board level: Risks that are currently top of mind at board meetings are regulatory changes and compliance, human capital, including talent management, retention and recruitment and lack of diversity within the board or management team.
Interest in specific topics within cybersecurity grew significantly. Between last year's high-profile incidents involving ransomware, supply chain attacks, the exploitation of critical systems vulnerabilities and the new focus on cryptocurrency theft, it's likely that interest in cybersecurity topics will continue to climb in 2022 and beyond.
Ransomware was the most common attack method behind third-party breaches in 2021, initiating more than one out of four incidents analyzed. Despite immense cybersecurity improvements following the onset of the COVID-19 pandemic, the healthcare industry was the most common victim of attacks caused by third parties, accounting for 33% of incidents last year.
The US Federal Communications Commission is considering imposing stricter rules requiring telecommunications carriers to report data breaches to customers and law enforcement more quickly. Chairwoman Jessica Rosenworcel drafted a document outlining the new proposal to strengthen the FCC's powers for disclosing data breaches and leaks of "Customer proprietary network information" to customers and federal agencies. The updated rules, published this week, would keep the FCC in line with other federal and state data breach laws, she said.
A tally of public data breach reports so far shows that tens of millions of healthcare records have been exposed to unauthorized parties. Most of the largest data breaches result from ransomware attacks and the first ten of them account for more than half of all the healthcare records exposed in 2021.