Blog Archive - Planet 9 Inc.

Top 5 Cybersecurity Trends and Statistics of 2023

More data breaches, higher fines, the proliferation of ransomware, and the growth of AI tools. Planet 9 prepared some of the most impressive cybersecurity trends and statistics of 2023.

The New Executive Order Addresses AI Security

Biden issued an Executive Order to set standards for AI security. Learn how businesses may be affected

Breach Notification Reguirements Under GLBA Safeguards Rule

FTC requires businesses to report data incidents affecting more than 500 individuals. Learn more about this GLBA Safeguards Rule update.

When is PCI DSS 4.0 Required?

The transition period from PCI DSS 3.2.1 to 4.0 is ending soon. Learn when is PCI DSS 4.0 compliance required and how to go through the transition smoothly

HIPAA Technical Safeguards to Protect ePHI

HIPAA technical safeguards mainly address technical controls that organizations should implement to protect ePHI. Let’s look into those HIPAA requirements and how to address them

HIPAA Physical Safeguards to Protect ePHI

HIPAA physical safeguards are physical measures, policies, and procedures to protect a covered entity’s electronic information systems, related buildings, and equipment.

Administrative Safeguards to Protect ePHI

The HIPAA Security Rule requires the implementation of administrative, physical, and technical safeguards for ePHI protection. Learn what administrative safeguards should be in place to protect ePHI.

Cybersecurity Awareness Month 2023: Secure Our World

Cybersecurity Awareness Month 2023 focuses on cybersecurity tips and best practices for all individuals. Learn four simple ways to protect yourself, your family, and your business from online threats.

AI, Incident Response, and Training Help Reduce Data Breach Cost

2023 set a high record with the global average data breach cost reaching $4.45 million. Learn more about the main trends related to data breach cost

Draft CCPA Regulations Address AI, Risk Assessments, and Audits

The California Privacy Protection Agency unveiled Draft CCPA Regulations addressing AI, Risk Assessment and Audits. Learn what is new and what is likely to have the most impact on businesses.

How to Hire the Right CISO

A good CISO is definitely an experienced professional who meets your organization’s needs. Learn more about how to hire the right CISO

Ransomware Protection: How the Current State of Ransomware Shapes Your Strategy

Ransomware protection is one of the key security concerns. Learn the the current state of ransomware to stay ahead of this threat

What are the Main Cloud Security Challenges?

Cloud adoption entails multiple cloud security challenges. Unravel the complexities of safeguarding data, privacy, and compliance in cloud environments

Is Google Analytics HIPAA Compliant?

Google Analytics is a powerful data tracking tool, but it is not HIPAA compliant out of the box. Planet 9 explains how to make your Google Analytics HIPAA compliant.

EU-U.S. Data Privacy Framework Simplifies Data Import for U.S. Companies

The U.S. companies no longer need to implement additional safeguards when importing data from Europe. Learn more about the Data Privacy Framework and what it means for your business.

Secure Software Development Attestation

Secure software development attestation is a must for businesses supplying software to federal agencies. Continue reading to learn more.

Key Highlights of the NIST SSDF: Secure Software Development Framework

NIST SSDF represents secure software development practices and helps developers reduce vulnerabilities. Learn more about the NIST SSDF key security practices.

2023 DBIR Overview

For over 15 years DBIR helps to stay ahead of emerging cyber threats. Learn the 2023 DBIR key takeaways and leverage the findings to strengthen your cybersecurity posture.

NIST 800-171 Revision 3: Updated Requirements for CUI Protection

NIST 800-171 Revision 3 is released. Learn about the most significant changes introduced through the NIST updates.

Largest GDPR Fines to Date

GDPR fines make non-compliance a costly mistake. Learn the GDPR’s logic for imposing the fines and take note of the largest GDPR fines to date

CCPA Compliance: What are Business Obligations?

CCPA compliance is a must-have for many businesses operating in California. Learn about the main obligations under CCPA and how to apply them in practice.

AI in Cybersecurity: Risks and Vulnerabilities

AI Cybersecurity is a double-edged sword. While while AI reinforces our cyber defense, it still has vulnerabilities and may be offensive. Learn about AI-related security issues.

SOC 2 Readiness Assessment Guide

SOC 2 audit is a great way to demonstrate your data security commitment. Learn how SOC 2 readiness assessment can raise your chances for a successful audit.

2023 RSAC: Key Takeaways

#cybersecurity❙
#RSAC

The main theme of 2023 RSAC is “Stronger Together.” It involves creating a cohesive front that leverages diverse knowledge to combat cyber threats.

How Much Does a vCISO Cost?

By hiring a vCISO, businesses expect to cover all their information security and compliance needs. Learn how much a vCISO costs depending on your business needs.

What Does it Mean to be a HIPAA-Compliant Entity?

Whether you’re a covered entity or business associate, HIPAA compliance is a must. See the checklist to ensure you’re a HIPAA-compliant entity

Congress Hit with a Healthcare Data Breach

The Social Security numbers and personal information of thousands of people, including lawmakers, were compromised in a healthcare data breach

Cybersecurity Risks amid SVB Collapse

SVB collapse rocked the financial industry, yet cybersecurity is also challenged. Learn about the main cybersecurity risks amid SVB collapse.

2023 National Cybersecurity Strategy Review

The 2023 National Cybersecurity Strategy targets critical infrastructure owners. Learn about the Strategy’s key points and implications

PCI DSS 4.0 Updates. All you Need to Know

The PCI DSS released new version 4.0 at the end of March 2022. Find out what’s the most important in the PCI DSS 4.0 Updates

CISA Advices on K–12 Cybersecurity

Technologies make schools more efficient while putting them at cybersecurity risk. See what CISA recommends on K-12 cybersecurity

What Should Businesses do with ISO 27001 Updates?

ISO 27001:2013 was updated to ISO 27001:2022 at the end of October. Let’s figure out what your business should do with ISO 27001 updates

Your Part of Shared Responsibility in SaaS Cloud

Cloud security isn’t a one-way game. Both businesses and providers are responsible. Ensure you fulfill your part of the shared responsibility in SaaS cloud.

Cybersecurity in 2023: What to Expect?

The 2023 cybersecurity landscape promises to be dynamic. Take a look at our shortlist of core events that’ll affect cybersecurity in 2023

2022 Cybersecurity Year in Review

The Russian invasion of Ukraine drew the trajectory of 2022 cybersecurity. Learn how the war affected the cyber environment over the passing year

GLBA Compliance Updates: Deadline Extended

#cybersecurity❙
#glba

The GLBA compliance deadline has been extended to June 9, 2023. Learn about the reasons of this extension and figure out how the GLBA compliance works

CISO Services: Benefits, Trends, and Functions

#cybersecurity❙
#vciso

CISOs act as shields protecting your company’s property, data, and assets. Learn how to choose the best CISO services for your business.

Identify your PCI compliance level

#cybersecurity❙
#PCI DSS

Are you a merchant, a service provider or both? Learn how to identify your PCI compliance level.

Using Data Analytics may not be HIPAA Compliant

#cybersecurity❙
#hipaa

Advocate Aurora exposed 3M PHI due to using data tracking technologies. Ensure compliance when processing and storing PHI and think twice before using data analytics

RoC, AoC, and Other Elements of PCI DSS Compliance

#audit❙
#cybersecurity

Take a look at the main parts of PCI DSS compliance and learn why your organization’s merchant level matters

Protect Yourself Against Social Engineering Attacks

Most modern human-centric data breaches involve social engineering. Learn how to protect against this kind of attack, and don’t let cybercriminals deceive you

Social Engineering as the Art of Deceiving

Hackers use different social engineering techniques to trick users into sending money or disclosing sensitive data. Learn how to spot social engineering threats

“See Yourself in Cyber”: Human Factor in Cybersecurity

The 2022 Cybersecurity Awareness Month focuses on “people part” of cybersecurity. Learn about the human factor and how hackers use their creativity to exploit human-related vulnerabilities

Developing Information Security Policy

Information security policy plays a vital role in protecting data confidentiality, integrity, and availability. Learn how to develop your policy.

GLBA Updates Reminder

#cybersecurity❙
#glba

The GLBA updates become effective in December. Make sure you’ve revised your policies and procedures to comply with new requirements.

CCPA Showed its Teeth. $1.2 Million Fine for Selling Callifornians’ Data

#ccpa❙
#privacy

A beauty retailer pays $1.2 million fine for CCPA violation. It’s all about using third-party analytics on its website. Learn more with us.

CISA and FBI Warn on Zeppelin Ransomware

Federal agencies warn on tactics, techniques, and procedures used by Zeppelin ransomware actors

Congress Released ADPPA – Draft Federal Privacy Law

#ADPPA❙
#privacy

ADPPA would enact a unified federal privacy law governing the use of citizens’ personal information. Learn what it means for your business

CIRCIA: Critical Infrastructure Now to Report Cyber Incidents and Ransom Payments

CIRCIA requires critical infrastructure organizations to report substantial cyber incidents and ransom payments. Read more about the new law

DoD Memorandum Reminds Contractors to Protect CUI

Significant material and reputational risks threaten contractors that have not implemented NIST SP 800-171, as the DoD memorandum states.

Supply Chain Attacks in Healthcare. The Case of Shields, Eye Care Leaders, and MCG Health

Data breach reports prove the evolving trend of supply chain attacks in healthcare. Determine who is more responsible for third-party data incidents

HIPAA Compliance for Start-Ups: Debunked Misconceptions

#healthcare❙
#hipaa

Small businesses are often led by misconceptions when it comes to HIPAA. Our free e-book can help with proper HIPAA compliance for start-ups.

2022 RSAС: Key Takeaways

#cybersecurity❙
#RSAC

Every year the RSAC keynote speakers bring their unique insights on the future of cybersecurity. Learn what’s new in 2022 RSAC

Reinforcing the Weakest Security Link with Access Controls

Weak human firewalls force businesses to adopt advanced access controls. Read our blog to get familiar with access controls that mitigate some of the risks associated with human factors.

Building a Successful Zero Trust Strategy

#cybersecurity

The complexity of the modern cybersecurity landscape is calling for new defense approaches. Learn about zero trust, its main principles, and its mechanisms

Recent Healthcare Data Breaches. The Importance of Sharing Experience

Healthcare data breaches may give valuable lessons on how to address cyberthreats, yet their details are rarely made public. Learn why sharing the incident experience is crucial for healthcare

UCPA: the Most Business-Friendly Privacy Law

#ccpa❙
#privacy

The Utah Consumer Privacy Act (UCPA) is considered the most business-friendly state privacy law yet. Learn about the main facets of the law to be ready to comply in the future

Exploring New Attack Approaches. The Case of Microsoft and Okta

Microsoft and Okta suffered data breaches after a cybercrime group declared them as targets. Learn how the unique attack approach contributed to compromising the tech giants.

Applying PIPEDA for U.S.-Based Organizations

PIPEDA is the Canadian privacy law for private-sector businesses. Learn how it affects U.S.-Based companies doing business with Canada.

The State of Ransomware in 2022

#cybercrime❙
#ransomware

Ransomware shows no signs of slowing down while its business model has changed. Read more about the state of ransomware in 2022.

Security Awareness Training. Important Things to Know

#security awareness

Digital dependency prompts businesses to strengthen their technological defenses. Learn how security awareness training helps reduce cybersecurity risks.

Cyber Threats to National Security

#national security

National security is no longer military defense only but also cyber protection. Learn about the common cyber threats to national security.

Mobile Device Security

Learn about best practices that will enhance mobile device security and enable businesses to provide their employees with secure access to corporate resources

How the Good Data Breach Response Looks Like?

A data breach may be detrimental to businesses, but much depends on your reaction. Learn to make a quick and decisive data breach response.

All You Need to Know About GLBA Compliance in Higher Education

#education❙
#glba

Cyberattacks plague colleges and universities. Learn why GLBA compliance in higher education institutions is important.

Supply Chain Attacks and Cybersecurity

Supply chain attacks are on the rise. Learn how to align security efforts within your supply chain to reach a more desirable level of cyber protection.

Reviewing the 2021 Healthcare Data Breaches

The year 2021 appeared challenging, given the number and severity of healthcare data breaches. Review some of the most severe incidents and get key takeaways of the past year.

2022 Cybersecurity Trends

#cybercrime

Cybercriminals are getting more motivated, organized, and sophisticated in executing attacks. Read our blog to learn about 2022 cybersecurity trends.

SOC 2 + HIPAA: Combining Two Audits

HIPAA is one of the most frequently demanded subject matters for SOC 2 audits. Learn more about the main peculiarities of the SOC 2 + HIPAA.

SOC 2: Specific Criteria for Controls Evaluation

#audit❙
#soc2

The Security category is imperative for all SOC 2 engagements; but what if your commitments to customers and services demand including other criteria?

SOC 2: Common Criteria for Controls Evaluation

#audit❙
#soc2

Every SOC 2 audit encompasses from one to five categories while Security is a must-have. Learn more about how the Security-related controls are evaluated.

Fall 2021: Summary of Healthcare Data Breaches

Fall 2021 showed a slight increase in reported healthcare data breaches. Acquire the main tendencies, channels, and locations of cyberthreats.

PIA vs. DPIA: the Purpose and Requirements

#gdpr❙
#privacy

Organizations that fall under the EU’s GDPR may be required to perform DPIA. Learn more about the requirement and how it differs from the PIA.

vCISO: a Solution for Small Businesses

#ciso❙
#vciso

Small organizations often lack a dedicated leader to manage their security and compliance needs. Learn how vCISO can help.

FedRAMP: Core Things to Know About the Program

FedRAMP Authorization is the main prerequisite to offering cloud services to the U.S. government. Learn more about the authorization requirements.

Cyber Incident Reporting on Critical Infrastructure

#cybercrime

Following SolarWinds & Colonial Hacks, security officials Introduced draft legislation on cyber incident reporting. Learn how it may affect your organization

#BeCyberSmart: Common Tips to Fight Against Phishing

#cybercrime

One of the primary 2021 Cybersecurity Awareness Month’s focuses is resisting the phishing threat. Read how to fight against phishing and #BeCyberSmart!

Getting Ready for SOC 2 Audit: Where to Start?

#audit❙
#soc2

SOC 2 is becoming a synonym for a reliable service provider. Learn how to prepare your organization for the SOC 2 audit and get a favorable audit opinion.

CCPA vs. CPRA: Upcoming Changes to the Law

Discover what updates CPRA will bring to CCPA’s data privacy requirements and realize their implications for your organization.

Ensuring Business Continuity at the Time of Disasters

#business continuity

Disasters may be detrimental to organizations that don’t have an emergency plan. Planet 9 advises on how to ensure business continuity during a disaster.

Data Security in Context of CCPA Compliance

#ccpa❙
#privacy

CCPA grants Californian consumers privacy rights while imposing obligations on businesses. Learn how to meet these obligations and achieve CCPA compliance.

Core Aspects of California Consumer Privacy Act (CCPA)

#ccpa❙
#privacy

A detailed overview of the California Consumer Privacy Act (CCPA) and its requirements for data privacy. Learn how to work with consumers’ data in California.

Unscrambling Confusion Around CUI Protection Requirements

#cmmc❙
#nist

CUI protection requirements evolve around a stable regulatory basis. Get a sense of the standards, requirements, and regulations around it.

Digitalization in Healthcare: Opportunities and Challenges

#healthcare

Digitalization has breathed new life into qualitative healthcare service delivery, yet the reverse side exists. Explore both the opportunities and challenges with Planet 9.

Roadmap for Ransomware Protection

#cybercrime❙
#ransomware

General guidelines that would help your organization to prepare, prevent, and protect from potential ransomware incidents.

A Guide to Conducting NIST SP 800-171 Self-Assessments

All DoD contractors that work with CUI must perform a self-assessment for compliance with NIST SP 800-171. Learn what the assessment process entails.

NIST SP 800-171 Compliance Guide

Non-federal contractors that handle CUI are bound to comply with NIST SP 800-171, as the Interim Rule requires. Learn more about why NIST SP 800-171 compliance matters.

Ransomware Hits Critical Infrastructure: a Case of Colonial

A simple explanation of why the ransomware attack on the Colonial Pipeline Company is such a big deal for the U.S. critical infrastructure

CMMC Compliance: a Guide for DoD Contractors

#cmmc❙
#nist

The Cybersecurity Maturity Model Certification is on the rise. Learn more about the CMMC compliance requirements for DoD contractors.

HIPAA Compliance Evaluation for Responding to Security-Related Changes

#healthcare❙
#hipaa

HIPAA compliance requires a continuous and thorough evaluation of organizations’ capability to comply with the requirements and address changes. Learn how HIPAA Vitals may help.

Risk Assessment Under HIPAA Security Rule

A step-by-step risk assessment process for HIPAA Security Rule Compliance. Stay protected against risks and hazards to ePHI security.

HIPAA Security Rule: Implementing Safeguards to Protect ePHI

#healthcare❙
#hipaa

The HIPAA Security Rule requires administrative, physical, and technical safeguards for ePHI protection. Inquire about their implementation specifications.

Maintaining Data Security in the Cloud

Maintaining data security in the cloud is becoming more challenging. Discover how organizations’ best practices and security tools may help.

Shared Responsibility Model: Addressing Key Challenges to Cloud Security

#cloud security

The ongoing trend for cloud adoption exposes businesses to multiple cloud security challenges. Learn how the shared responsibility model can help.

HIPAA Compliance: Learning from Others’ Mistakes

#healthcare❙
#hipaa

Review general information about HIPAA Compliance and see consequences of non-compliance.

Stay Safe from Cybercrime amid COVID-19 Vaccination and Tax Time

#cybercrime

Forewarned is forearmed: learn about the common phishing schemes during the vaccination and tax time

HITRUST Certification in Healthcare

Discover how HITRUST certification aligns different compliance requirements and what the certification process entails

How to Conduct a Risk Assessment?

#risk assessment

Learn about the main steps necessary to conduct a risk assessment for protecting your data and staying compliant

Answering Key Questions About Security Risk Assessments

#risk assessment

Learn about the risk assessment and decide which methodology is the most suitable for you

General Insights into ISO 27001

#iso27001

Learn about the ISO 27001:2013 international certifiable standard and its significance for ISMS reliability

What is a SOC2 Audit and What are Its Benefits?

#audit❙
#soc2

Learn about compliance challenges that induce companies to undergo SOC 2 audits and what SOC 2 is about.

What is GDPR Compliance and Why is it so Important?

#gdpr❙
#privacy

The most important things you need to know to stay compliant with the General Data Protection Regulation and why it is so significant for individuals and businesses.

More About PCI DSS Compliance

#pci

According to MasterCard’s “The Global Journey From Cash to Cashless” article, the percentage of large cashless payments in the US is 80%. Learn about PCI-DSS compliance requirements.