New Privacy Laws, Business Email Compromise (BEC) & VPN Attacks and Cyber Insurance: June Cyber News Bytes

Maryland Enacts Comprehensive Consumer Privacy Legislation: What You Need to Know

Maryland joins the growing list of states with a comprehensive consumer privacy law. The Maryland Online Data Privacy Act of 2024 (MODPA) was signed into law on May 9, but organizations still have time to prepare. The law goes into effect on October 1, 2025, but will not be enforced until April 1, 2026. This Baker Donelson article explains whom the law will affect and how MODPA defines personal data. It also outlines the obligations that organizations will have under the new law, along with the rights of consumers. As states continue to introduce privacy laws, organizations need to continually review their privacy programs and make any needed changes to ensure compliance.

70% of Businesses Targeted by Business Email Compromise (BEC) Attacks

Arctic Wolf’s 2024 Trends Report highlights the continued prevalence of Business Email Compromise (BEC) scams and ransomware, which remain the leading types of cyber-attacks posing concern for organizations. These attacks can impact any organization regardless of size, and they continue to increase in frequency. With social engineering attacks on the rise, the survey found that 70% of organizations have fallen victim to attempted BEC attacks. 45% of participants also noted that they had experienced ransomware attacks. While implementation of cybersecurity controls is essential, cyber insurance has proven to be a valuable investment, with 95% of surveyed organizations either having a policy or planning to purchase one. Qualifying for and purchasing a policy can be more challenging for smaller organizations with budget constraints and a lack of resources. As the cyber threat landscape continues to evolve, it is likely that adoption of insurance will increase as well.

Check Point Warns of Attacks on Remote Access VPNs

This article from Help Net Security stresses the importance of using secure authentication methods and offers guidance on improving VPN security and investigating unauthorized access attempts. Check Point has issued a warning about attackers attempting to access users’ VPN devices through password-protected local accounts. This past April, Cisco Talos warned about a global increase in brute-force attacks against VPN services, web application authentication interfaces and SSH services. A few solutions that can prevent VPN attacks include disabling unused local accounts, implementing additional authentication layers and applying a hotfix to prevent password-only logins.

Should Insurance Be Integrated into Cyber Response Plans? Experts Weigh In

In this Business Insurance article, experts recommend integrating insurance into your organization’s cyber incident response plan to maximize coverage and protect sensitive information. Companies should have response plans in place before a cyberattack occurs and review their insurance policies immediately after an incident. Your response plan should establish clear protocols to protect information during a breach, so that approved vendors can be quickly accessed and communications maintain legal privilege. Building relationships within the organization and with external vendors can also help streamline incident response efforts. Additionally, clear and effective communication across departments is crucial to ensure all costs associated with external vendors and response efforts are covered by your insurance policy.