Cybersecurity and Data Privacy in the USA: April 8 - 14, 2024

Welcome to the latest edition of Security Spotlight from IT Governance USA. Last week, we reported 3,457,331 known records breached in 75 newly disclosed incidents. With AT&T confirming more than 50 million customers affected by the March data breach. We provide a helpful guide on how to transition to ISO 27001:2022, where we discuss the key changes to ISO 27001 and the new controls in Annex A. From here, we look at the latest industry news including the headlining story where the FBI says Chinese hackers are preparing to attack US infrastructure.

Cybersecurity and Data Privacy in the USA: April 8 - 14, 2024

3,457,331 known records breached in 75 newly disclosed incidents!

Welcome to this week’s round-up of the biggest and most interesting news stories in the USA. Publicly disclosed data breaches and cyber attacks: in the spotlight

• AT&T confirms more than 50 million customers affected by March data breach
• Giant Tiger confirms data breach via third party

Continue?reading??

A Guide to Transitioning to ISO 27001:2022

ISO/IEC 27001 and ISO/IEC 27002 were both updated in 2022. Their previous editions were published in 2013.

In the intervening nine years, the world of cybersecurity changed dramatically. Mobile device usage exploded, especially in terms of BYOD [bring your own device], as did remote working.

Both fuel arguably one of the biggest changes – and challenges – in cybersecurity: Cloud uptake. In this blog:

• Key changes to ISO 27001
• The new controls in Annex A
• What links ISO 27001’s Annex A and ISO 27002
• The attributes in ISO 27002:2022
• How to start transitioning
• Key transition dates

Read?more??

Data Breaches and Cyber Attacks in 2024 in the USA

875,603,102 known records breached so far in 1,819 publicly disclosed incidents Welcome to a new page, giving you an overview of the year’s biggest security incidents in the USA, the sectors most frequently breached in 2024, month-on-month trends in the USA, links to our monthly reports, and much more.

Read now??

FBI says Chinese hackers preparing to attack US infrastructure

Nashville, Tennessee, April 18 (Reuters) - Chinese government-linked hackers have burrowed into U.S. critical infrastructure and are waiting "for just the right moment to deal a devastating blow," FBI Director Christopher Wray said on Thursday.

An ongoing Chinese hacking campaign known as Volt Typhoon has successfully gained access to numerous American companies in telecommunications, energy, water and other critical sectors, with 23 pipeline operators targeted, Wray said in a speech at Vanderbilt University

.Continue?reading??

Roku hit with second major breach of 2024, this time affecting 576,000 users

Roku says it found another cyberattack on Friday that affected 576,000 users. This is the second breach to affect the company since March.

Roku says the attackers used the login information of account holders, a technique called credential stuffing, to gain access to the streaming service and the payment methods of some users. Continue?reading??

CyberComply

Reduce dependence on individuals: Put your trust in CyberComply

• CyberComply does all the heavy lifting – wizards, databases, and prompts guide you all the way – get started without any expert knowledge
• Meet your compliance objectives fast with fully integrated modules that help you address compliance requirements
• Centralize your compliance activities to improve control and compliance with regulations and frameworks
• Draw powerful reports to demonstrate measures taken and controls implemented

Find out more