If your company creates health-related apps, the Federal Trade Commission (FTC) has set out some key considerations:
On March 24, 2022, the Department of Justice unsealed two indictments charging four Russian government employees in two hacking campaigns that targeted critical infrastructure in the energy sector. We cover these indictments in depth here. Concurrently, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE) jointly published a Cybersecurity Advisory (CSA) relating to the hacks.… More
The United States Department of Justice unsealed two indictments in March involving four Russian government employees who have been charged in connection with two separate hacking conspiracies targeting the global energy sector. These campaigns took place between 2012 and 2018 and affected thousands of computers, hundreds of organizations, and approximately 135 countries.
These indictments were unsealed just days after President Joe Biden publicly warned US business executives that Russia is exploring using cyberattacks as part of its offensive strategy during its continued attacks on Ukraine. … More
The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity from Russian state-sponsored cyber actors or Russian-aligned cybercrime groups.
Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure,… More
Eds. Note: This post was originally published on the MassTLC Blog.
Get ready: there’s a good chance that comprehensive data privacy legislation is coming to the Commonwealth. If your business is not already compliant with the European Union’s or UK’s General Data Protection Regulation (GDPR), or the California Consumer Privacy Act (CCPA), then you might have some work to do.
Proposals for general data protection legislation are not new to Massachusetts;… More
Blog contributor Leah Rizkallah recently wrote an article for CPO Magazine, available here, about how cybersecurity is a critical risk-area for companies across industries and boards of directors must be vigilant in overseeing their companies’ cybersecurity efforts. More
The Cybersecurity & Infrastructure Security Agency (“CISA”) has just released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate risks from information manipulation. Malicious actors (i.e., Russia) may use tactics—such as misinformation, disinformation, and malinformation—to shape public opinion, undermine trust, and amplify division, which can lead to impacts to critical functions and services across multiple sectors. … More
Since Massachusetts becoming a trailblazer among states with the passage of privacy legislation in 2007 and subsequent regulations, Massachusetts’ own privacy laws have been passed by those of other states, most notably California. The proposed Massachusetts Information Privacy and Security Act (“MIPSA”) would bring Massachusetts back to the forefront of state regulation of privacy and data security.
The 65 page long bill would,… More
Earlier this week, the U.S. Department of Homeland Security (DHS) announced the establishment of the Cyber Safety Review Board (CSRB), as directed in President Biden’s Executive Order 14028 on Improving the Nation’s Cybersecurity. The CSRB is a public-private initiative that will bring together government and industry leaders to elevate U.S. cybersecurity.
The CSRB will review and assess significant cybersecurity events, so that government,… More
Continued Threats of Ransomware Attacks
As we reported in our 2021 Year in Preview series, we began 2021 anticipating that ransomware would be a serious threat to critical energy infrastructure. These concerns were realized in May 2021 when the Colonial Pipeline Company’s (“Colonial”) entire 5,500-mile pipeline system carrying liquid fuels was shut down due to a ransomware attack by DarkSide, a hacking group that allegedly has loose ties to the Russian government.… More