SEC approves new cyber reporting regulations for public companies
SC Magazine: The U.S. Securities and Exchange Commission (SEC) has approved regulations requiring publicly traded companies to report significant cybersecurity incidents within four days and disclose their cybersecurity risk governance annually. There are provisions for delaying notifications under specific circumstances, such as national security risks. While the rules are expected to increase transparency, concerns have been raised about potential challenges for smaller companies and the risk of revealing security practices to malicious actors. Smaller companies will not be required to comply with these rules until June 2024.
Pressured by Biden, A.I. Companies Agree to Guardrails on New Tools
NYTimes ($): Seven leading AI companies in the US, including Amazon, Google, Meta, Microsoft, and OpenAI, have voluntarily committed to new safety, security, and trust standards for the development of AI, as announced by the White House. These safeguards include security testing of products, research on bias and privacy issues, sharing risk information with governments, and identifying AI-generated content. However, these commitments are voluntary and are not enforced by government regulators. This agreement comes as governments globally are struggling to develop legal and regulatory frameworks for AI amidst rapid technological advancements. Meanwhile, an executive order is expected to impose restrictions on the export of large language models and advanced semiconductors to control technology proliferation to competitors like China.
MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows
Security Week: The Cl0p ransomware gang could earn up to $100 million from the MOVEit hack, despite a general decrease in the percentage of victims paying ransoms. The hack potentially affected over 1,000 companies, yet only a small percentage of them ended up paying the ransom. However, those who paid did so at much higher amounts than in previous ransomware campaigns. In response to this, Cl0p has been employing new tactics, including setting up websites displaying some of the stolen data to pressure victims into payment. Emsisoft, an anti-malware firm, reports almost 400 victims of the hack, potentially impacting over 20 million individuals based on initial disclosures.
By 2025, the global datasphere will grow to 163 zettabytes and almost 90% of all data will require some level of security, but less than half will be secured. (source)
The average cost per data breach for businesses in 2023 jumped to $4.45 million, a 15% increase over three years. (source)