Each month, RCM&D’s Cyber Practice highlights key issues in the world of cybersecurity. In this month’s edition of Cyber News Bytes, we discuss the recent Colonial Pipeline ransomware attack, new ransomware targets, Virginia’s new Consumer Data Protection Act and more.
Colonial Pipeline Ransomware Attack: The Aftermath
Much has been written about the Colonial Pipeline ransomware attack since our last newsletter. As we begin to digest its impact and systemic effects on the cyber landscape, it’s clear this will be something we will continue to talk about in the months ahead.
The ability of governing bodies to thwart these malicious actors’ attempts at disrupting businesses for their monetary gain will be a big topic of discussion and was covered in Baker Hostetler Data Counsel’s assessment of what’s next following this well-publicized attack. Recent reports via the Associated Press and Krebs on Security outline additional details on the attack’s aftermath and the chain reaction that ensued. As one of the most notable cyber events in recent memory, impacting consumers coast-to-coast, it serves as yet another reminder of just how far-reaching the impacts these situations can have. The continuing aftermath of this attack will be important to monitor in the months ahead as organizations look to protect themselves from falling victim to a similar large-scale attack.
Coveware Q1 2021 Report Reveals New Ransomware Targets
Coveware recently released its 2021 quarterly ransomware report. The report outlined increasing ransom payouts, information on data exfiltration, types of ransomware, attack vectors, target organizations and the cost of attacks.
As indicated in a summary from Ride The Lightning, the Coveware report highlights the professional services industry as the most impacted by ransomware. Law firms have been particularly affected, with the article circling small and medium-sized firms as the most vulnerable organizations for an attack. The report also references some important statistics related to the recent uptick in ransomware attacks.
Virginia Adopts New Consumer Data Protection Act: What Does it Mean?
JD Supra outlined the new Virginia Consumer Data Protection Act (VCDPA), which was recently signed into law and will be effective on January 1, 2023. Similar to the CCPA and GDPR, which we’ve covered in previous blog posts, consumers are given more control over their personal data – how businesses collect it and how they use it. Although many small businesses are exempt from the new law, all businesses should become familiar with its details. Additional states will likely be adopting similar legislation soon. This article provides a breakdown of the obligations under the VCDPA and provides some insight into what could be next for other states.
Incident Response and Forensic Challenges in a World Working Remotely
A recent article from Joseph L. Bruemmer of Baker Hostetler outlines information from their 2021 Data Security Incident Response Report. This report discussed forensics investigation and recovery challenges in a work-from-home environment, which involved key incident response components. The article outlines some crucial steps for any organization to prepare to respond to a cyber incident in a remote work environment.
Questions?
RCM&D is here for you to help protect your cybersecurity. Talk to a trusted advisor today with any questions on these highlighted issues and beyond.