Cybersecurity Insights: Black Friday? How about Preventing Hack Friday

CYBERSECURITY INSIGHTS NEWSLETTER

As organizations look back on a year of rapid evolution in cybersecurity, from the growing threat of AI attacks to shifting compliance standards around “reasonable security”, now is the time to assess your security posture, build resilience, and prepare for the year ahead. HALOCK’s cybersecurity resources and expertise can support your organization in protecting data, meeting compliance requirements, and demonstrating due care through next year and beyond.

Black Friday? How about Preventing Hack Friday.

A Compromised Chatbot Integration Leads to Widespread Data Theft

School System Shuts Down Shortly After Opening due to Ransomware Attack

Misconfiguration of an AI Chatbot Exposes Data of 64 million Applicants

Cybersecurity Deadlines

Cybersecurity Maturity Model Certification (CMMC) 2.0 for the U.S. Department of Defense (DoD) contracts

DEADLINE: Nov 10, 2025
APPLIES TO: The “48 CFR Acquisition Rule” becomes effective so new DoD solicitations start including CMMC requirements (handling FCI/CUI).

U.S. Securities and Exchange Commission (SEC) amended Regulation S P

DEADLINE: Dec 3, 2025
APPLIES TO: Large Firms. Requirements for registered investment advisers (RIAs) to adopt, implement, and maintain written policies and procedures to establish an incident response program with respect to unauthorized access to or use of customer information.

DEADLINE June 3, 2026
APPLIES TO: Small Firms. U.S. Securities and Exchange Commission (SEC) amended Regulation S P

Cybersecurity and Infrastructure Security Agency (CISA) cyber-incident reporting rule under Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)

DEADLINE: May 2026
APPLIES TO: Final rule requiring critical infrastructure owners/operators to report “covered cyber-incidents” and ransom payments within specified timeframes.

Revised California Consumer Privacy Act (CCPA) regulations (by the California Privacy Protection Agency)

DEADLINE: Jan 1, 2026
APPLIES: New requirements around cookie banners, opt-out signals (e.g., Global Privacy Control), privacy policy disclosures, and other consumer-data practices become effective.

Be our Guest at FutureCon. Earn up to 10 CPE.

FutureCon Chicago 2026: In-Person or Virtual

Incident Response Readiness & Checklist

Holiday Cyber Incident Response Readiness and Checklist

New Solutions

HALOCK has launched External Attack Surface Management (EASM) assessments and services. The service is designed to provide actionable intelligence on exploitable vulnerabilities for all your externally facing assets on a continuous basis. No security tool whitelisting or scope reduction required. HALOCK provides baseline, periodic, and continuous options.

EASM

Learn more about Continuous Threat Exposure Management (CTEM).

Cybersecurity Awareness Posters

Download Elf

Download Cyber Story

Eat, Drink, and Be Wary of Holiday Hacks and Scams – MORE poster designs

*Sources:

Lexology “Deadline to Comply with the SEC’s Regulation S-P Amendments”
Federal Register “Defense Federal Acquisition Regulation Supplement”
RegInfo.gov “View Rule” entry (RIN 1670-AA04) for CIRCIA reporting requirements.
CCPA Statute/Regulations PDF indicating Title and Scope with effective date Jan 1 2026.