February 21, 2024 at 03:30AM The European Union introduced the original Network and Information Security (NIS) Directive in 2016 in response to growing cybersecurity threats. The upcoming NIS2 directive, effective in October 2024, expands security requirements for over 160,000 companies, with non-compliance fines reaching €10 million. Organizations are urged to prepare for increased obligations and … Read more
February 7, 2024 at 03:18PM Danish data protection authority orders 53 municipalities to stop sending student data to Google without a legal basis. They must document data processing, ensure Google complies with regulations, and limit data use to authorized purposes. The authority allows use of Google Workspace for educational services but restricts other purposes. Municipalities … Read more
January 31, 2024 at 07:42AM Summary: Publicly traded organizations must comply with the SEC incident disclosure regulations by reporting cyber incidents deemed “material” within four business days. The new rules stress the importance of well-practiced IR programs and comprehensive cyber IR plans. However, traditional IR simulations can be challenging and costly, prompting the need for … Read more
January 25, 2024 at 06:10PM Panorays’ 2024 CISO Survey of 200 CISOs reveals that 94% are concerned about third-party cybersecurity threats, with 65% anticipating an increase in third-party cyber risk budget. Only 3% have already implemented a third-party cyber risk management solution, and 33% plan to do so in 2024. CISOs prioritize AI-driven solutions and … Read more
January 17, 2024 at 07:36AM Savvy, a SaaS security platform provider, has introduced Identity-First Security to address risks stemming from identity access management permissions, user behavior, and business context. The offering aims to combat SaaS application-related security risks by providing comprehensive visibility and automated security guardrails to guide users in real time. For more details, … Read more
January 11, 2024 at 10:36AM Kenya’s Office of the Data Protection Commissioner released new guidance notes for data protection in education, communications, and digital credit sectors, as well as a general guide for processing health data. The Data Protection Act, enacted in 2019, has led to significant enforcement, with fines issued for violations. Awareness efforts … Read more
January 2, 2024 at 10:57AM In 2024, companies will face significant challenges in data security, protection, and compliance. Governments are tightening regulations and enforcing data protection laws, impacting companies globally. The rush to regulate AI and the complexities of data localization pose additional challenges. Businesses need to adapt to evolving regulations and technological landscapes to … Read more
December 20, 2023 at 05:32AM Greater Manchester Police (GMP) faces an enforcement notice from Britain’s data watchdog for a substantial backlog of over 850 Freedom of Information (FOI) Act requests, some dating back years. The Information Commissioner’s Office (ICO) demands urgent action to clear the backlog and improve response times to maintain public trust and … Read more
December 18, 2023 at 10:39AM SaaS has become crucial for corporate IT, with service businesses almost entirely reliant on it. However, this shift has attracted threat actors. Trends for 2024 include democratization of SaaS, the importance of ITDR, cross-border compliance, misconfiguration risk, third-party app reliance, and remote device security. SSPM tools like Adaptive Shield are … Read more
November 30, 2023 at 07:18AM Wing Security now offers free basic third-party risk assessments for SaaS, highlighting the connection between SaaS and third-party risk management (TPRM). The article underscores the importance of rigorous TPRM processes to handle risks from SaaS supply chains, offering 5 TPRM tips for SaaS security, including identification, due diligence, ongoing monitoring, … Read more