IT Security & Privacy

Contributor Insight - On July 26th, the Securities and Exchange Commission (SEC) adopted long-anticipated rules that require public companies to disclose material cybersecurity incidents and their cybersecurity risk management strategy. These rules are designed to provide greater transparency and keep investors and the public informed about a company’s cybersecurity resilience and recovery efforts.

Contributor Press Release - AuditBoard today announced the availability of AuditBoard ITRM, its new IT Risk Management solution. This new offering will enable IT security and risk management professionals to manage their threat landscape, quantify IT-related risks, and improve cyber resilience — helping their organizations keep pace in a world of continuously evolving and expanding business risk.

Amid increasing concerns about the extensive collection of data by vehicles, the California Privacy Protection Agency (CPPA) has initiated a review of the privacy practices of automakers and vehicle technology companies. The CPPA's Enforcement Division is currently conducting inquiries into the data privacy policies of vehicles equipped with various features such as location sharing, web-based entertainment, smartphone integration, and cameras. The agency highlighted the critical nature of these vehicle privacy considerations, as modern vehicles act as connected computers on wheels, capable of collecting a wealth of information that may include consumers' locations, personal preferences, and details about their daily lives.

Press Release - Ostendio, Inc., a leading provider of integrated security, compliance, and risk management solutions, today announced the expansion of its Open API and Pre-configured integration capabilities, called Purposeful Integrations. Purposeful integrations enable clients to automate data collection to meet their security and compliance goals, and take action. Ostendio’s approach to platform integrations will support an organization's broader compliance and risk management activities by enabling integration to all its platform modules.

France's data protection authority, known as CNIL, has expressed concerns over the legality of biometric data collection by Sam Altman's Worldcoin project. The project, which launched recently, requires users to provide iris scans in exchange for a digital ID and, in certain countries, free cryptocurrency. While Worldcoin claims to have registered 2.1 million people in a trial period over the last two years, CNIL has raised doubts about the legality and data storage conditions surrounding this collection.

In recent months, the Akira ransomware group has emerged as a significant cybersecurity threat, causing disruptions and financial losses to a wide range of organizations worldwide. The group's tactics, specifically targeting small- to medium-sized businesses, underscore the need for increased vigilance and proactive measures to defend against such sophisticated attacks.

In a landmark decision, the Securities and Exchange Commission (SEC) has voted 3-2 to adopt new regulations that will require publicly traded companies to notify the government in the event of a cybersecurity incident and disclose details about their cybersecurity risk governance in public filings. The rules, initially proposed in 2022, aim to increase transparency around cybersecurity practices and material incidents in the corporate world.