Centripetal

The Hidden Costs of a SIEM: The Need for a New Approach

Maintaining robust cybersecurity defenses comes with significant costs, but one area that often exceeds is the ongoing administration of Security Information and Event Management (SIEM) systems. The expenses associated with logging, storing, and managing SIEM data can escalate rapidly, especially when compounded by compliance and regulatory requirements. What are these hidden costs and how can you mitigate them while also ensuring compliance?

Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467)

On November 14, 2024, Palo Alto Networks disclosed five critical vulnerabilities in its Expedition configuration migration tool, a solution designed to simplify the migration of firewall configurations from third-party vendors to Palo Alto Networks’ PAN-OS infrastructure. These vulnerabilities—tracked as CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, and CVE-2024-9467—expose users to risks such as unauthorized access, data leakage, and system compromise.

Understanding Incident Reporting Under the NIS2 Directive: Key Insights for Managed Service Providers and Managed Security Service Providers

Incident reporting is a crucial component of maintaining cybersecurity and operational resilience across the European Union. As outlined in Article 23 of the NIS2 Directive, entities falling under its scope are required to report “significant incidents” to the CSIRT (Computer Security Incident Response Team) or the relevant competent authority without undue delay.

A Network Defense Layer That Actually Works

Enterprises invest heavily in cybersecurity measures to protect their critical assets and sensitive data. According to the Worldwide Security Spending Guide published by International Data Corporation (IDC), European security spending will grow by 12.3% in 2024, a similar trajectory to the US and Asia Pacific. Despite these investments, crippling vulnerabilities continue to wreak havoc, and the costs of cyber attacks continue to soar.

The EU AI Act: Ensuring Cybersecurity and Trustworthiness in High-Risk AI Systems

Artificial Intelligence (AI) has come a long way since John McCarthy first coined the term in 1955. Today, as AI technologies become deeply embedded in our daily lives, the potential they hold is immense – but so are the risks to safety, privacy, and fundamental human rights. Recognizing these concerns, the European Union (EU) took a proactive step in 2021 by proposing a regulatory framework aimed at governing AI.

Enhanced CleanINTERNET Protections to Combat Subsequent Threats from the CrowdStrike Outage

Last week (19-July-2024), a significant IT outage occurred because CrowdStrike distributed a faulty update to its Falcon security software running on millions of computers using the Microsoft Windows operating system. This faulty update caused many of these computers to crash, which interrupted the operations of businesses across the globe.

Take Action Now on NIS2 Directive

It’s time to ‘Have Your Say’ on the future of cybersecurity regulations in the European Union. The draft implementing regulation for the NIS2 Directive is now open for public feedback through the ‘Have Your Say’ portal until July 25, 2024. This consultation period allows stakeholders to contribute to refining the regulation, with all feedback shaping the final regulations.

The Future of Legal Cybersecurity: Proactive, Intelligence-Driven, and Unmatched

As a crucial member of your law firm’s IT team, you hold the responsibility of safeguarding highly sensitive client information – financial records, personal data, and privileged communications. While you might not be managing cases, you’re protecting the very foundation of client trust. However, this trust faces significant risk. Last year alone, 29% of law firms experienced a security breach, with the average cost per breach soaring to $4.47 million.

Understanding the NIS2 Directive: Who is Affected and What You Need to Know

Time is of the essence. As the transposition deadline for the NIS2 Directive approaches on October 17, 2024, organizations across the EU must brace for its significant impact. This new Directive, updating and expanding its predecessor (NIS1), will dramatically increase the number of regulated entities. According to Ireland’s National Cyber Security Centre, the number of regulated entities is expected to rise from about 120 under NIS1 to an estimated 3,500 under NIS2.

Risks for Polyfill.io Users

Earlier this year, a Chinese company named Funnull acquired Polyfill.io. Due to this acquisition, its code was used to redirect mobile visitors to scam sites. Over 100,000 websites using the previously popular Polyfill JS open-source project are vulnerable to attacks that redirect traffic to sports betting and pornography sites.