The job of a CISO is one of constant change and unexpected challenges. One of the most energetic environments to govern is that of a university. Universities function not only as academic institutions, but also as research hubs, hosting both curious students, as well as notable scholars. This is an audience not known for slow-motion progress. They need results, and they expect them quickly. At a large university, the responsibility of a CISO is dizzying.

The widespread adaptability and integration of tools and the professionals who can effectively use them to comply with the law will significantly impact the careers of both lawyers and other legal personnel. One of the fastest-growing areas in the legal profession in the United States is Privacy Law. Privacy certifications endorse attorneys as credentialed privacy lawyers. Privacy certifications can boost income streams and growth potential while increasing job stability and sustainability.

Black Basta is a relatively new family of ransomware, first discovered in April 2022. Although only active for the past couple of months, the Black Basta ransomware is thought to have already hit almost 50 organisations – first exfiltrating data from targeted companies, and then encrypting files on the firm’s computer systems. Victims have reportedly been hit in countries around the world including the United States, UK, India, Canada, Australia, New Zealand, and UAE.

Just when you thought that we couldn’t be any more integrated with (and dependent on) technology, the Covid pandemic swooped in to prove otherwise. The rise in the use of applications and devices to perform even basic functions pushed companies and end-users to keep pace. Of course, one group of people always seem to be ready: cybercriminals. Cyber attacks are steeply increasing, and attackers are cunning, always finding new ways to get what they want.

As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function in an organization, it is possible to “geek out” on some of the information in these official papers.

Cloud computing is an effective solution for large and small companies across every industry. There has been rapid adoption due in large part to its accessibility, flexibility, and reliability. The cloud environment brings a significant amount of benefits, but at the same time, it can expose businesses to various alarming cybersecurity risks. A study conducted by Thales and 451 Research revealed that 40% of respondents have experienced a data breach within their cloud environments.

Ransomware has matured significantly over the previous decade or so. Initially thought to be a relatively basic virus that could be contained on a floppy disk, it can now damage global business infrastructures, stop healthcare systems dead in their tracks, mess with fuel supply networks, and disrupt transportation infrastructure. Its simplicity is what makes it so appealing to criminals. The attacks don’t have to be very sophisticated to cause significant harm and extort ransom payments.

Earlier this year, an industry report stated that 79% of businesses remain concerned about the security risks of an increasingly remote workforce. Cyberattacks are on the rise since the COVID-19 pandemic, in part because many organizations fail to put in place adequate cybersecurity measures and procedures. In addition, there is a worldwide shortage of cybersecurity professionals in every industry.

The UK’s National Health Service (NHS) has warned the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19. In a tweet, the NHS said that it had seen reports of text messages that claimed to come from the NHS, telling recipients that they had been in close contact with someone who had a confirmed COVID-19 infection, and that they should order a testing kit.

In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update.