Cyber Security Services
Trusted by 10% of the top 100 Forbes Global 2000 companies. At Managed Security Services we tailor our programs for each customer.
02/10/2026
Today's Cyber Briefing : Quick + To the Point
California is signaling the end of "surveillance pricing."
Attorney General Rob Bonta has launched an investigative sweep targeting businesses using personal data for individualized pricing. It's not just about data collection anymore: it’s about opaque algorithms determining costs. Under CCPA, transparency is mandatory.
Why it matters:
Using behavioral data, location, or demographics to manipulate pricing without disclosure violates privacy rights. Automated dynamic pricing is now a high-priority target for regulatory scrutiny.
What orgs should do now:
- Audit pricing algorithms to ensure they don't pull protected data.
- Update CCPA notices with specific "surveillance pricing" disclosures.
- Test opt-out mechanisms to ensure they stop price adjustments.
- Document the logic behind automated pricing to prepare for inquiries.
Takeaway:
Transparency is the only shield against the AG's new focus. If you can't explain your pricing logic, you can't defend it.
02/08/2026
Your vendor’s security is now your security. There is no separation anymore.
The biggest threat to your enterprise isn’t even on your network. Supply chain opacity is the silent killer of modern security programs: allowing threat actors to bypass hardened perimeters by targeting the "soft" side: trusted third-party vendors with deep access but shallow controls.
Why it matters:
Attackers are shifting away from the front door. They’re looking for the smallest, least-secured link in your vendor list to gain a foothold. Once they’re in, they move laterally until they hit the prize. If you don’t have visibility into your partners' risk posture, you’re flying blind.
What orgs should do now:
- Inventory every third-party connection and API immediately.
- Enforce MFA and strict least-privilege access for all vendor accounts.
- Stop treating compliance as a one-time event: continuously monitor partner risk.
- Audit high-privilege connections for unusual behavior.
Takeaway:
You can outsource the service, but you can never outsource the risk. Patch fast. Reduce exposure. Assume compromise.
At CSS, we utilize BlackKite, an industry leading vendor risk monitoring platform. While we are vendor neutral, we’ve found a few that work, and this is one your team should consider! Please reach out to us to see the benefit.
Click here to claim your Sponsored Listing.
Category
Contact the business
Telephone
Address
752 N. State Street #172
Westerville, OH
43082