No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Cybersecurity in Video Games & Esports
2023 DSIR Deeper Dive: Plaintiffs’ Attorneys Are Trying to Assert a New Cause of Action Against Universities Based on an Old Law Regulating Videotape Service Providers
Podcast: A Conversation with Andy Rotherham on Hot Topics in Education for 2023
No Password Required: Threat Intelligence Analyst at Recorded Future, the Ransomware Sommelier, and a Guy With a Mildly Exciting Expense Account
Compliance & Disaster Preparedness
2023 DSIR Report Deeper Dive into the Data
Episode 282 -- CISO and CCOs -- The Evolving Partnership
No Password Required: Threat Researcher at Cisco Talos and a Veteran of the Highest-Profile Cyber Incidents Who Roasts His Own Coffee Beans
Innovation in Compliance - The Role of Backup Systems in Cybersecurity Defense with Curtis Preston
Cyber Threats
No Password Required: The Teenage CEO of Girls Who Hack and Secure Open Vote, Who Is as Comfortable Behind a Mic as She Is Behind a Keyboard.
Hinshaw Insurance Law TV – Cybersecurity Third and Final Part: Ransomware
Can Cyber Investigations Be Canned? - Unauthorized Access Podcast
[Podcast] NSA Cybersecurity Services for Defense Contractors
Understanding the Additional Risks When Making a Ransomware Payment
2022 DSIR Deeper Dive: Ransomware
When the lights stayed on in Kyiv during a wave of missile attacks in early 2024, Ukrainian officials quietly acknowledged a second line of defense that received far less public attention than the nation’s air-defense...more
The messages from government agencies and cybersecurity leaders at the end of June were clear – nation-state-sponsored cybersecurity threats are on the rise. Pro-Iranian “hacktivists” are targeting U.S. infrastructure and...more
The New York State Department of Health has issued an urgent cybersecurity advisory (the Advisory) warning of increased threat levels and a higher likelihood of cybersecurity attacks from Iranian state-backed actors following...more
The SafePay ransomware group has been active since fall 2024 and has increased its activity this spring and summer. According to NCC Group, SafePay hit the most victims of any threat actor in May 2025—it is linked to 248...more
On June 30, 2025, a Joint Advisory was issued by the National Security Agency, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Department of Defense Cyber Crime Center issued...more
As tensions flare in the Middle East, speculation is growing over the potential impacts of Iranian cyberattacks targeting US based companies and infrastructure. We saw similar reactions in 2020 following the death of the head...more
Cybersecurity firm CSC recently issued its CISO Outlook 2025 Report, which predicts cybersecurity challenges CISOs will face in the next year. The report, from a survey of 300 CISOs and cybersecurity professionals globally,...more
Google sent out a warning that the cybercriminal group Scattered Spider is targeting U.S.-based retailers. Scattered Spider is believed to have been responsible for the recent attack on Marks & Spencer in the U.K. A security...more
Cyber threats aren’t a distant possibility — they’re a daily reality. And according to IBM’s Cost of a Data Breach Report, they’re costing businesses more than ever. The global average data breach cost has surged to $4.88...more
On March 12, 2025, a joint cybersecurity advisory was issued by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center to advise...more
It is without question that data centers will continue to play a central role in powering the digital economy, housing critical data, and enabling cloud services, AI, IoT, and other emerging technologies. However, as the...more
On March 12, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued a...more
On February 19, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued...more
On February 4, 2025, Coveware, Inc. released its quarterly ransomware report for the fourth quarter of 2024, and identified that the percentage of victims paying ransoms fell to a historic low of 25%. While the average...more
Cyberattacks are affecting every company and sector. Meanwhile, the regulatory landscape is intensifying as the SEC continues to enforce the cyber-risk management disclosure rules. Every day presents a new compliance and...more
Material updates to the HIPAA Security Rule could be on the way — affecting all HIPAA-regulated entities — for the first time in two decades. The Department of Health and Human Services (HHS) issued a Notice of Proposed...more
Cyber issues are seldom out of the news, from ransomware attacks and espionage to non-malicious outages that cause widespread concern. Organizations need to protect themselves against both current and future risks and...more
Cybersecurity is integral to protecting sensitive information, ensuring regulatory compliance, managing financial risks, maintaining reputation, ensuring business continuity, gaining a competitive advantage, adapting to...more
Publications & Advisories - November 2024 – Kathleen Benway, Jennifer Everett, Alysa Austin, and Kristen Bartolotta published “Federal Trade Commission’s Updated Health Breach Notification Rule Is Now in Effect” in Employee...more
Our Health Care and Privacy, Cyber & Data Strategy Groups cover an upcoming proposed rule from U.S. Health and Human Services (HHS) that would formalize cybersecurity requirements and allow the Office for Civil Rights (OCR)...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) imposed a $240,000 civil monetary penalty against Providence Medical Institute in connection with a ransomware attack that revealed...more
A recent joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3) warns of increased collaboration...more
The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Department of Defense Cyber Crime Center (DC3) issued a joint alert on August 28, 2024, warning U.S.-based...more
On June 24, the staff of the U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance (Division of Corporation Finance) released five new Compliance & Disclosure Interpretations (C&DIs) relating to the...more
Since I hang out with a lot of CISOs, and understand their pain points, I urge readers to send a “thank you” and “you are the best” message to their CISO. You can’t imagine the pressure and stress they are under to try to...more