📰 85% of Providers Face Challenges Maintaining Client Compliance | Tuesday Times | June 5, 2024

Joses

What is Tuesday Times?

Tuesday Times is a weekly Tuesday series where we highlight a handful of recent cybersecurity-related news stories. We'll provide brief summaries of these news stories and link the articles directly, should you want to read more!

Feel free to comment on any of the articles highlighted, or share your own in the comments below!

85% of Providers Face Challenges Maintaining Client Compliance | Tuesday Times | June 5, 2024

85% of Managed Service and Security Providers Face “Significant” Challenges Maintaining Security Compliance for Clients, Apptega Survey Finds

• While Tuesday Times posts are supposed to be published on Tuesdays, I'm hoping that the release of Apptega's Inaugural State of Continuous Compliance Report is a warranted and exciting exception.
• Earlier this year, we surveyed practice leaders and senior operators at 115 security providers to "better define, understand, and benchmark compliance challenges, helping clear the hurdles to progress so providers can maximize growth and stand out among stiff competition."
• The State of Continuous Compliance Report has a lot of key takeaways that are worth taking a look at, however, one of my favorite findings that displays the importance of compliance automation platforms is "Half of the surveyed providers are still using spreadsheets to track, measure, and report on cybersecurity compliance for their clients. While 87% are open to delivering their services through a compliance automation platform, less than half are currently doing so. Overall, those using automation report faster risk assessments, higher ARR/MRR growth goals, and greater confidence in meeting those goals."

White House Wants to Harmonize the Breadth of Cybersecurity Regulations

• On June 4, 2024, the White House released a blog post explaining that a request for information (RFI) was released by the Office of the National Cyber Director (ONCD) last August to "formally jumpstart conversations with industry and ask for input to better understand the cybersecurity regulatory landscape." They also included this summary of the responses to the previously mentioned RFI.
• If you're wondering how this affects businesses, this quote from the Cybersecurity Dive article explains it best: "For many companies, the concern is they are spending countless hours and resources responding to duplicative information requests from different agencies, rather than having those agencies share the provided information."
• One of the key findings in the summary further drills down on this pain point by stating, "The lack of harmonization and reciprocity harms cybersecurity outcomes while increasing compliance costs through additional administrative burdens."

Ticketmaster Hit by Data Hack that May Affect 560M Customers

• Unsurprisingly, we have yet another data breach this week, and this time it has affected up to 560 million customers. May hasn't been the best month for Ticketmaster as this news comes just days after the U.S. Justice Department filed a lawsuit against them and Live Nation for running an alleged illegal monopoly.
• On May 20, 2024, Ticketmaster, one of the largest ticket selling companies in the world, was the unfortunate victim of a cyber attack. The Guardian claims that the hacking group called the "Shiny Hunters" are the ones to blame for this attack, and they've asked for a ransom payment of roughly £400,000 to prevent this data from being sold in the dark web.
• The U.S. Securities and Exchange Commission (SEC) confirmed that Live Nation Entertainment, the parent company of Ticketmaster, saw "unauthorized activity within a third-party cloud database environment containing Company data." This data reportedly includes "names, addresses, phone numbers and some payment details." Live Nation has yet to comment on any ransom payment rumors but confirmed the data breach in a federal filing.