Chris Babel

Pennsylvania’s Consumer Data Privacy Act is Now Law! As of March 18, 2024, Pennsylvania has officially passed the Consumer Data Privacy Act (House Bill No. 1201, Session of 2023). This landmark legislation enhances consumers' data privacy rights and sets forth clear obligations for data controllers and processors. Key Highlights Consumer Rights: Consumers now have enhanced rights, including the ability to access, correct, and delete their personal data. They can also opt out of data processing for targeted advertising or sales. Business Responsibilities: Data controllers must limit data collection, obtain consent for processing sensitive data, and implement robust data protection measures. Enforcement and Penalties: Strict penalties are in place for non-compliance, emphasizing the importance of businesses aligning with these new standards Is your business fully compliant with these regulations? Privacy24 is here to help! Our seasoned compliance experts specialize in helping businesses navigate complex data privacy laws. Our expert team can ensure that your company not only complies with this new law but also leverages compliance as a competitive advantage. Our Services Include: Comprehensive compliance audits. Tailored policy development and strategic implementation. Training and ongoing support to maintain high compliance standards. Don’t risk penalties or damage to your reputation. Contact us today for a consultation and let Privacy24 help you achieve and maintain compliance with confidence. 🌐 For more information, visit privacy24.io or send us a direct message here on LinkedIn! #DataPrivacy #ConsumerProtection #PennsylvaniaLaw #ComplianceExperts #Privacy24

6

Tired of Cyber Disneyland? Get the facts and find your way around #Cybersecurity #MDR at the N-able Roadshow in #Anaheim today. Hear from vendors, and join us for an incident response tabletop exercise. As pilots are fond of saying, "If it doesn’t feel right, go around. It’s better to explain why you did than have an investigator discover why you didn’t." TTXs are the best way to figure out what's right, before it goes wrong. @N-able roadshows are free--cyber incidents are costly. Register below: https://lnkd.in/g9A8dt8G

19

🚀 Exciting News! 🚀 Vinson Protect is thrilled to announce the integration of the CIS Critical Security Controls v8 framework into our online application! Thanks to everyone (from Seattle to New York) who signed up for a free account on the Vinson Protect site. We started the online application with the K12 SIX Essential Cybersecurity Protections framework as a primer for schools starting their cybersecurity journey. In the first major addition to the online program, we have added the Critical Security Controls v8 framework from the Center for Internet Security. Understanding that not all schools are ready for all 153 controls that make up the full CIS framework, we have added the ability for schools to choose between the various implementation groups (IGs), allowing them to start with IG1 (56 controls) before attempting the more comprehensive IG2 (130 controls) and IG3. If you have 13 minutes, you can check out the video I created showing the process to add this framework to your organization and use it to audit your preparedness. https://lnkd.in/gzUMaBTe This addition follows smaller program enhancements, which include the ability to create, track, and manage responses to security incidents, a task management system, and a multi-user capability for larger schools to share the workload. Please visit our website at the link below to learn more about Vinson Protect and read the full press release. https://lnkd.in/grMNrTwz #Cybersecurity #Education #CISControls #VinsonProtect

26

📣 Announcing the next Episode of the Business of Compliance Podcast!📣 Your experts, Kevin Shinners and Tom McNamara discuss the strategic value of cyber compliance, focusing on the impact of NIS2 and DORA regulations and the significance of ISO 27001 for information security. They highlight the importance of investing in compliance, overcoming budget constraints, and leveraging automation tools for efficient, effective strategies. Please join us to learn how to align security controls with business objectives and recognize the ROI of a strong compliance program. Releasing 1 week from today (26JUL2024)! Atoro A-LIGN #DORA #NIS2 #TheBusinessOfCompliance #ComplianceAlignedtoYou

30

7 Comments

Lots of interesting data points in this report, but the bit on "false election contributions" caught my eye as the political cycle hits hyperdrive here in the US (and other places). But it wasn't what I thought. I'd imagined from the write-up that this was tricking people into actually donating somewhere else or somehow exceeding donation limits, etc. It's much simpler: attackers are pretending to ask for campaign donations and are just stealing the money instead. For attackers, simpler remains better. Full report at https://lnkd.in/gzFUQkBV

2

Truly Disturbing - Theft is now fully legalized: Yesterday in the City of Beverly Hills, CA, a mob of 50 youths descended on a 7-Eleven and robbed it blind (https://lnkd.in/guGPTjEN). This wasn’t just an isolated incident—it’s part of a growing and alarming trend where theft is being promoted as acceptable, or even justified. While Gavin Newsom, California Department of Justice, and the State of California are focusing on posting signs to deter high-end theft at elite retailers like Louis Vuitton and Gucci, the real damage is being inflicted on small and medium-sized businesses (#SMBs). These businesses are the true backbone of our economy and local communities, and they face devastating consequences if this trend is allowed to continue. Protecting high-end brands is important, but the lack of the same level of attention and deterrence for SMBs reveals a troubling double standard. By merely posting signs around the city, the State of California is either encouraging theft or turning a blind eye to shoplifting. Theft doesn't just steal inventory—it destroys livelihoods. Many business owners, already on the brink due to economic pressures, will be forced out of business, leading to a ripple effect that will devastate local economies. This is more than just theft—it’s an attack on the hardworking individuals who sustain our infrastructure. We cannot allow this madness to continue unchecked. It's time for real accountability and protection for all businesses, not just the elite retailers. SMBs are the engines of innovation, job creation, and stability in our society. Let’s not stand by and allow this to become the norm. Our communities depend on us to speak out and take action. U.S. Small Business Administration, where is the justice for business owners? Higher insurance premiums and costly store protection measures ultimately raise the cost of goods for everyone. https://lnkd.in/gCG74s7e

1

Read the customer story to learn how eSentire MDR delivered superior visibility, correlation, and protection from cloud-specific threats, 24/7 detection, and expert support that enabled Venerable to stay ahead of cyber threats. DM us to discuss how eSentire can help your organization achieve comprehensive threat response, visibility improvement and endpoint protection. @eSentire

1

An epidemic of delayed revocations has infected the public CA community. @Tim Callan and @Jason Soroko track delayed revocations since the beginning of 2021, examine the trend line, and discuss root causes. Listen at @Sectigo here: https://lnkd.in/e6mZMV6Q

3

We should expect to see more of this. The upside: It is enforcing accountability. The downside: It gives attackers more incentive, and more leverage. #ciso #cio #ceo #boardroom #boardofdirectors #obligations #regulatoryrisk

22

6 Comments

Is your professional service firm facing outdated hardware and security issues? It’s time to take control with AGJ Systems. Our tailored IT solutions help elevate your firm’s productivity and ensure your systems are secure. Contact AGJ Systems today to boost your network security and IT efficiency:  https://lnkd.in/gNBR4Va #ManagedIT #NetworkSecurity #ProfessionalServices #GulfCoastIT #AGJSystems

2

Please join us as we address some of the more common questions associated with ISO42001 certification and building your AI Management System (AIMS). So many organizations see AI Governance as a pressing concern, but don't know how to begin their governance journey...we'll show you the path and help you every step along the way!

8

#AIGovernance is the hot topic of our age. #data and #AI are powerful combination but it may become liability very quickly. Join us on May 30th in person or virtually. #AIgovernance #datagovernance #privacymatters #NIST #IAPP

5

The wave of consolidation in security (and in this case identity) is showing no signs of slowing down. But waves tend to crash, or at least crest, at some point. FWIW, I don't think this one has at this point but I'm thinking about what will be the signal we've hit peak consolidation. I think one pretty likely signal will be when a public company takes out a private at a valuation level high enough that Wall street really punishes the public with a double digits valuation haircut (at the time I'm writing this the impact on CYBR is a blip...up 1.3% during trading today and down only 0.76% after hours, so not this one). Apart from that, what I think this one has in common with the blockbuster SIEM deals of last week is financial consolidation. According to the article: "...Venafi is expected to add around $150 million in annual recurring revenue ***and will be accretive to CyberArk's margins immediately***" [*** mine] which I read as financial consolidation more so than product expansion / fulfillment of vision. The interesting thing about it is that there's a new cohort of startups doing Non Human Identity. Often that means the status quo is not satisfying the needs of the market and the discovery diligence of founders indicates the incumbents are vulnerable to a new generation of tech. Will be interesting to see how that plays out.

24

6 Comments

We had another great live panel session this week exploring the issue of fraud against employees and customers from cyberttacks. The recording is now available. Thanks to Ross Bentzler and Michala L. for being new panelists, joining Fletus Poston III and me. Here's where you can find the recording: https://lnkd.in/gRmGTZxx #csaf #cybersecurityawarenessforum #fraud #ciso #cybersecurity #scams

8

1 Comment

Third-Party Risk Management (#TPRM) remains a real challenge - as BlueYonder's customers are finding out right now. What should we take away for our own companies and TPRM programs? Lots. Let's cover it on this week's Intentional Brief from Intentional Cybersecurity (with apologies for the audio quality - picked the wrong input source and didn't have time to re-record).

11

A summary of requirements from Reg S-P but also good all around practical guidance of how broker dealers ,or any entity, should be preparing for a cyber event and protecting customer information. Planning is critical to resiliency.

37

Big day for #PQC and the evolution of #cybersecurity! QuSecure is proud of our #leadership role in advancing #crypto agility with our #quantum resilient software solution QuProtect. To assist organizations in getting started, contact QuSecure as we are offering organizations the following four opportunities: 1. For CISOs: A free road mapping session with QuSecure, the award-winning company in crypto agility with more implementations than anyone to date. 2. For Boards and Executive Team Members: A half-day briefing with Accenture and QuSecure. Learn what others are doing and how to apply what they have learned to your organization. 3. For Organizations Ready to Test Crypto Agility: A #free #POC addressing your choice of Crypto Agility across applications, networks, and routers. 4. For Anyone Looking to Learn More: QuSecure is teaming with PayPal for a webinar on “Protecting Blockchain & Crypto Against Quantum & AI” on Wednesday, August 14, at 1 pm PT/4 pm ET.

1

I think the notion that "market forces haven't fixed cyber risk exposure, so here come the regulations" is about right. There's a little more nuance in this report from the industry group who wrote this report ("market forces alone are “insufficient” to incentivize privately owned entities to prioritize cybersecurity at the levels needed to protect national security"). Whether this is foreshadowing for heavier-handed regulation or a last call for industry to get it together on their own volition remains to be seen.

1