Cyber Defense eMagazine August 2019
Cyber Defense eMagazine August Edition for 2019 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cybersecurity expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group
Federal and state governments are responding to the increase in cyber attacks through new legislation.
At the federal level, the House Financial Services Committee introduced a bill, “The Consumer Data
Security and Notification Act,” to amend the Gramm-Leach-Bliley Act to include a national breach
notification law for the financial industry, which would supersede state laws. The states are also rapidly
introducing cyber security legislation. In 2019, 45 states and Puerto Rico introduced over 260 different
bills or resolutions to address cyber security and specifically matters relating to the security of connected
devices, election security, industry data security and the establishment of cyber security task forces. New
York State, for example, issued its New York State Cybersecurity Mandate, which was the nation’s first
cyber security regulation. It requires regulated financial institutions to establish and maintain cyber
security programs that include penetration testing, vulnerability scanning, and education for all employees,
designed to protect consumers and the industry. That regulation placed a strong emphasis on establishing
a compliance culture at the top levels of these institutions. Europe too has acted to help institutionalize a
culture of cyber security with its General Data Protection Regulation (GDPR), designed to strengthen
and unify data protection for individuals in the European Union (EU) and address the export of personal
data outside of the EU.
Consumers too are taking their cyber security more seriously than ever, fighting back with increased
litigation. Over recent years, we’ve seen a federal judge in California rule that a consolidated class-action
lawsuit filed by those affected by three Yahoo data breaches can proceed; Nationwide Insurance was
ordered to pay a $5.5 million settlement; Cottage Health System was ordered to pay a $2 million settlement;
and Home Depot agreed to settlements totaling $44.5 million stemming from class-action lawsuits related
to data breaches affecting 50 million customers. For the 143 million Americans affected by the Equifax
data breach, there is a $70 billion class-action lawsuit underway. These lawsuits and the countless others
in courts nationwide should give businesses pause to recognize their due diligence, fiduciary and data
protection responsibilities, which require that they implement and uphold best cyber security practices.
“Best Practices for Optimum Cyber Security”
The Information Systems Audit and Control Association’s (ISACA) “2019 State of Cybersecurity” research
reported that:<br />
• 69% of companies stated that their cyber security teams are understaffed,<br />
• 58% of companies said they have unfilled cyber security positions, and<br />
• Many companies have difficulty retaining cyber security professionals even when they offer<br />
training and certification programs.<br />