As the European Cyber Resilience Act (CRA)'s enforcement date approaches (October 2026), cybersecurity requirements on manufacturers, developers, and service providers responsible for software and hardware connected to the internet will need to start thinking - if they haven't already -about what they need to do to comply. It may seem like a long time off, but the earlier you start, the better...

Escalating tensions in the Kashmiri conflict between India and Pakistan illustrate a point the Indian government has been driving home for years; it is time to double-down on securing India's critical financial services.As the cornerstone of the nation's stability, the Banking, Financial Services, and Insurance (BFSI) sector was the focus of India's first Digital Threat Report 2024, and offers a ...

India's Digital Personal Data Protection (DPDP) Act, 2023 is a turning point in how personal data is regulated, managed, and protected across the country. As every industry becomes more digital, this law makes it clear who owns data and who must protect it.The Act introduces a legal imperative and an operational opportunity for SOC managers, CISOs, DPOs, and IT security teams to revisit how data...

Protecting your organization from cyber threats and meeting compliance requirements is simpler than ever with the new Tripwire Enterprise 9.3 release, which includes the following enhancements: IPv6 Support IPv6-Only Support: Now fully compatible with environments that operate exclusively on IPv6. This is helpful to: U.S. Federal agencies that must adhere to OMB Memorandum M-21-07 Organizations...

As digital transformation sweeps across the healthcare sector, there has never been more at stake. Healthcare data is worth a lot on the black market. Unlike financial data, which has a short shelf life (accounts can be frozen, and fraud alerts issued), medical records stay fresh for a long time.They contain a host of personal information, like medical histories, insurance data, and payment...

While NIST frameworks are typically not mandatory for most organizations, they are still being called on to do some heavy lifting to bolster the nation’s cybersecurity defenses.Under the January 2025 Executive Order (EO) on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, the National Institute of Standards and Technology (NIST) was charged, along with several other agencies,...

In January of this year, significant changes to the HIPAA Security Rule were proposed by the Office of Civil Rights for the Department of Health and Human Services (OCR).The proposed update to the HIPAA Security Rule, published on January 6, 2025, introduces a significant new requirement: all covered entities and business associates must conduct penetration testing of their electronic information...

There are ghosts in the machine.Not the poetic kind. I mean literal, running-code-with-root-access kind. The kind that was set up ten years ago by an admin who retired five jobs ago. The kind that still wakes up every night at 3:30 a.m.; processes something no one remembers, and then quietly vanishes into the system logs. Until, of course, something goes wrong—or someone takes advantage of it...

Adhering to the ever-tightening letter of the law is the cost of doing business these days, and for many companies caught in the crosshairs, that cost is getting too high.New research by Bridewell Consulting revealed that 44% of all financial services institutions in the UK listed compliance as the top cybersecurity challenge their organizations currently face. And it may be no surprise as many...

The Health Insurance Portability and Accountability Act (HIPPA) was established to protect patient privacy and secure health information. While it has been around for nearly two decades, it is evolving to keep up with an increasingly digital world and in response to the skyrocketing number of cyber attacks the industry sees every year.On December 27, 2024, the Department of Health and Human...

According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across the EU and enhance the overall level of security of operators providing essential services (OES) and digital service providers (DSP). The NIS Directive sets three primary objectives:to improve the national information security...

The cyber workforce gap is one of the most pressing and persistent challenges facing the cybersecurity industry. In 2024, ISC2 found that the gap amounted to 4.8 million people globally, up 19% from the previous year. Both public and private sector organizations – including the UK’s NCSC and the SANS Institute – have introduced countless initiatives in an attempt to close the cyber workforce gap,...

According to the 2024 State of Ransomware report by Sophos, there was a 500% increase in ransom bills in the last 12 months. Moreover, an analysis by Comparitech revealed 181 confirmed ransomware incidents targeting healthcare providers in 2024, with 25.6 million records compromised. Meanwhile, there were 42 more confirmed attacks on healthcare organizations not involved in direct care provision....

New cybersecurity legislation is coming thick and fast. And for good reason: cyber threats are becoming more sophisticated, systems are becoming more connected, and geopolitical relationships are becoming more fraught. One of the most recent bipartisan legislations – the US Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 – is designed to modernize cybersecurity standards in...

Third parties have long been the hidden heroes of the payment card industry, providing specialized, streamlined support to merchants looking to host a website or spin up an app. But that convenience is not without a cost.According to PCI DSS 4.0 compliance standards, although merchants are free to use third parties, the responsibility for any incurred security liability will be all theirs. When a...

The healthcare industry is a prime target for cyberattacks due to the significant value of medical data and the critical nature of patient care. Unlike other sectors, healthcare organizations must balance cybersecurity with the need for immediate access to life-saving information. Ransomware attacks, in particular, have surged, with cybercriminals exploiting outdated systems, unpatched...

It’s been a pretty divisive few months in US politics. The Trump administration has made sweeping changes in almost all areas of policy, ranging from international relations to domestic regulations and everything in between. However, some areas of American politics aren’t so contentious; in fact, a few cybersecurity policies have received bipartisan support. The Cyber Conspiracy Modernization Act,...

As cyber threats evolve, so must the strategies and frameworks that protect the data and systems that are at the heart of national defense, intelligence, and security. At a time when cyber threats are becoming more sophisticated, the need to protect national security systems (NSS) has never been more critical. With this in mind, the Committee on National Security Systems (CNSS) was formed to...

As global privacy requirements evolve, many information security professionals are called upon to enhance or lead information privacy programs. While this transition may seem like a natural progression, I learned five important lessons when I moved from a focus on security and audit to the field of information privacy.What Constitutes PII? Understanding PII is essential to your team's success....

For all the tremendous opportunities that the digitization of business operations has unlocked, there are also complex security and data privacy challenges that organizations have to navigate. In the interests of business privacy and security, legislation exists to hold organizations and policymakers to account. None are perhaps more influential and necessary than the EU’s General Data Protection...