Tag: compliance
356 articles

Open Source Community Unprepared for EU's Cyber Resilience Act
The open source community is lagging behind on cybersecurity readiness, with stagnating awareness and a lack of preparedness for the EU's Cyber Resilience Act, which requires minimum security standards for hardware and software products by December 2027. It's time for urgent action to avoid falling short of compliance.

Varonis Integrates Claude Compliance API for Enhanced AI Governance
Varonis has integrated the Claude Compliance API into its Atlas AI Security Platform, empowering enterprises to confidently adopt AI with enhanced governance and oversight. This integration enables security teams to monitor AI usage, detect misuse, and assess risks with unparalleled data context.

AI-Powered Tools Elevate Vulnerability Detection, Pressing Secure-by-Design Mandate
AI-powered tools now let companies detect and remediate software vulnerabilities far faster than before, leaving little excuse for not knowing about the flaws in their own code. As Hans de Vries of ENISA notes, this shift makes a secure-by-design approach not just best practice but a pressing mandate.

Autonomous AI Exposes Governance Gaps in Enterprise Security
As autonomous AI revolutionizes enterprise security, it's also revealing alarming governance gaps that can leave organizations in highly regulated environments exposed to unprecedented risks. The rapid adoption of autonomous AI is creating a trust gap, where innovation outpaces control, and novel risks to visibility, control, and regulatory compliance are emerging.

FIS and Anthropic Unveil AI to Accelerate Money Laundering Probes
Imagine having an AI-powered ally that supercharges your money laundering investigations, automatically gathering evidence, detecting patterns, and prioritizing case files in minutes - not days. FIS and Anthropic have joined forces to bring you the Financial Crimes AI Agent, revolutionizing banking's most costly compliance challenge.

Digital KYC Push Stalls on Trust and Liability Concerns
KYC is more than just verifying identity: it is a process that depends on trust and accuracy to prevent financial crime. Governments and banks are working together to modernize how identity data is collected and reused, with jurisdictions such as the UAE, the EU, and Singapore launching projects to streamline compliance and strengthen anti-money laundering efforts.

Fintech Firm Exposes Database Credentials in Shared Spreadsheet
A fintech firm's most sensitive secrets were left exposed in a shared spreadsheet, with a password that was embarrassingly simple - literally a combination of the company's name and the year. The shocking discovery was made by Stanislav Kazanov during a routine compliance audit, when he stumbled upon a widely accessible SharePoint folder containing a file ominously titled Prod_DB_Root_Creds_DO_NOT_SHARE.xlsx.

US Companies Face Record $3.45 Billion in Privacy Fines
US companies are facing a record-breaking $3.45 billion in privacy fines, a staggering amount that surpasses the total fines issued over the past five years combined, as regulators shift from education to full-scale enforcement. This surge in fines is driven by stronger state laws, coordinated interstate efforts, and increased scrutiny of AI and automation practices.

HIPAA Fines Hit $1.7 Million for Risk Analysis Failures
The consequences of neglecting HIPAA risk analysis are steep: four entities recently paid a total of $1.7 million in fines for failing to conduct accurate, timely, and thorough assessments, exposing sensitive health information of nearly 427,000 individuals to hacking and ransomware threats.

DORA Mandates Credential Security as Financial Risk Control
What happens when a threat actor waltzes into your network with a legitimate username and password - can your controls stop them? With DORA now in effect, EU financial institutions must prioritize credential security as a critical risk control, shifting from best practice to binding regulation.

Mythos AI Breakthrough Sparks Industry Reassessment
The Mythos AI breakthrough has sent shockwaves through the industry, forcing a crucial question: how can businesses adapt and stay ahead when a single technological leap turns the rulebook upside down? Industry experts gathered to discuss the implications and reassess their strategies in light of this game-changing innovation.

OpenAI Targets Financial Sector with GPT-5.4-Cyber Partnerships
OpenAI is shaking up the financial sector with its GPT-5.4-Cyber partnerships, targeting major banks with a cutting-edge cyber-focused AI offering that raises important questions about regulation and control. By launching a Trusted Access for Cyber program, OpenAI is paving the way for GPT-5.4-Cyber to be adopted in highly regulated environments.

Universities Scramble to Tighten Export Controls Amid Rising Risks
As governments tighten export controls to protect national interests, universities face a pressing dilemma: how to balance the need for global collaboration and discovery with the risk of unchecked research crossing borders. With regulations once reserved for industry now bearing down on academic activity, institutions must urgently revisit their export-control compliance to avoid stifling innovation.

HHS Weighs HIPAA Security Rule Update Amid Compliance Cost Concerns
As the HHS Office for Civil Rights considers updating the HIPAA Security Rule, a pressing question remains: will the cost of compliance outweigh the risk of leaving protected health information vulnerable? As the office's director bluntly puts it, the cost of inaction may outweigh the compliance burden.

Financial Services Grapple with SecOps and GRC Alignment Challenges
In financial services, two crucial functions - SecOps and GRC - are struggling to move in lockstep, despite their shared goals of protecting assets and meeting regulatory expectations. Can they ever align to tackle security and compliance challenges head-on?

Qodo Raises $70M to Mitigate AI Code Risks with Governance Platform
As businesses increasingly turn to AI to generate production code, a pressing question emerges: who will be accountable when machines write the software that runs our critical systems? With AI-generated code comes a new set of risks - bugs, security threats, and noncompliance - that governance gaps must address to ensure speed and scale don't compromise safety and reliability.

Critical Data Security Standards Bolster Cancer Innovation Efforts
As cancer research and treatment innovation accelerate, robust data security standards are crucial to safeguarding sensitive information and fueling life-saving collaborations. By prioritizing data security, we can empower the medical community to harness the full potential of technology and drive progress in the fight against cancer.

Aligning Cyber Risk Operations With Business Priorities
Too many security teams track patch counts while executives ask whether revenue and reputation are really protected; aligning risk operations with business priorities turns cyber efforts from checkbox exercises into measurable protection for what matters most. By mapping critical processes, quantifying financial impact, and uniting tech and leadership, organizations can prioritize controls that reduce real risk and keep operations—and customers—running.

Insider Risk: Essential Defenses Against Costly Breaches
Insider risk is now a frontline threat—77% of organizations have suffered data loss—so prioritize least-privilege access, zero-trust IAM, and integrated DLP/UEBA/SIEM while building a people-first culture that balances privacy with protection. These must-have defenses stop costly breaches before trusted channels become exit ramps.

Staff Burnout Emerges as a Strategic Security Vulnerability
When the people charged with defending systems are exhausted, response slows and risk balloons — a new Security magazine-backed report finds burnout now tops leaders’ threat lists. Treating burnout as a strategic vulnerability, not an HR problem, means investing in humane workflows, smarter automation, and retention before talent drains create gaps attackers can exploit.

Cyber Risk Management as a Legal Defense
Cyber incidents aren’t just IT headaches — they’re legal minefields that can trigger fines, lawsuits and boardroom liability. Align contracts, AI governance, vendor controls and BYOD policies so technical breaches don’t become costly legal crises.

Zero Trust Becomes a Regulatory Expectation Across Europe
Across Europe, zero trust has moved from IT theory to a regulatory expectation—policymakers now expect identity-centric controls, measurable resilience and risk reporting, so organizations must re-architect defenses or accept growing exposure. Start pragmatically: protect your highest-value assets with IAM, MFA and segmentation, measure risk reduction, and build privacy-preserving telemetry as you go.

Cifas Calendar Invite Leaks Fraud-Prevention Professionals' Email Addresses
A misconfigured Outlook calendar invite from Cifas accidentally exposed dozens of fraud-prevention professionals’ email addresses — a simple slip with potentially serious consequences. It’s a wake-up call that default-private settings, group aliases and basic training aren’t optional if we want to protect the people who protect us.

Dutch Regulator Fines Experian €2.7m for GDPR Data Minimisation Breach
The Dutch data watchdog fined Experian €2.7m for collecting and keeping more personal data than necessary, a sharp reminder that GDPR’s data‑minimisation rules aren’t optional. The ruling signals that data brokers and businesses must justify every data point they hold — or face stricter enforcement that could reshape product design, retention policies and privacy controls.