In July of 2023, the U.S. Securities and Exchange Commission, commonly known as the SEC, adopted new rules necessitating the disclosure of material cybersecurity incidents and related risk management, strategy, and governance. One of the most notable requirements of the new regulations is that companies must report a cybersecurity incident within four business days after…
Read More
October is Cybersecurity Awareness Month, an opportunity for organizations to spend a little extra effort educating their non-security staff on security best practices. This training generally focuses on basics such as enabling MFA, strengthening passwords, and teaching the warning signs of phishing. While these actions can improve your security posture when successfully adopted, training is…
Read More
If there’s one thing that never changes in cybersecurity, it’s this: threat actors will always look for the path of least resistance to gain access to a victim’s network. While companies that collect and maintain personally identifiable information (PII) or protected health information (PHI) are often the preferred targets of threat actors, attackers will target…
Read More
Keeping your data safe and protected often seems like an uphill battle. Consistently presenting a hardened attack surface to a would-be attacker and doing so across all the various attack vectors possible is a difficult problem to solve. The attacker only has to be right once, while you and your broader security team have to…
Read More
Our holiday guidance blog series for retail and hospitality continues. For more blogs in this series, visit https://rhisac.org/blog/ Being this time of the year, our sector needs to be vigilant. There’s a chill in the air, decorations hung in every window, children’s eyes sparkle with wonder and expectation… and hackers lurk around every corner. The holiday…
Read More
