November Cyber News Bytes

Was OFAC’s Advisory an October Surprise or More of the Same?The US Treasury Department’s Office of Foreign Asset Control (OFAC) has issued an advisory regarding potential sanctions around a ransom demand payment. This advisory comes as ransomware activity continues to spike in the wake of COVID-19 and as new, sophisticated forms of attacks take shape. A recent report from BakerHostetler’s Data Counsel reviews this new advisory and provides commentary on points of reinforcement the OFAC has made. BakerHostetler believes the advisory is nothing entirely new and serves as a public reminder for companies and the experts that support them to engage the FBI as they manage these situations.

Cyber Risk for Small Businesses – Understanding Your Individual Risk

Cyber risks are found within any organization, regardless of size. While the exposures may be more significant for large organizations, these businesses are often better equipped to manage them due to the resources at their disposal. A piece from Risk & Insurance provides an important reminder that smaller organizations do not fly under the radar when it comes to being targeted for an attack. The article reviews the importance of understanding these organizations’ unique risks and offers solutions to address them.

Fundamental Gap in Data Privacy Enforcement

In recent years, there have been significant changes in data privacy compliance and enforcement. While this is a positive sign, both areas are still in need of further evolvement. While there have been several attempts to enact federal data privacy laws, Congress has been unsuccessful due to several challenging policy issues. As a result, businesses are subject to a myriad of regulations amongst all 50 states and potentially foreign government privacy laws. An article from Volkov Law highlights this patchwork of regulation and enforcement businesses continue to be subjected to as we wait for Congress to resolve policy issues at a federal level.

Spear Phishing Attacks Continue in Education & Healthcare

As many schools and colleges continue to utilize remote learning methods amid COVID-19, email is heavily relied on for staff to provide updates and other essential communication. Much like other vulnerabilities throughout the COVID-19 pandemic, hackers are taking full advantage. Researchers at Barracuda evaluated a significant number of spear-phishing attacks, including over 1,000 incidents at educational institutions from June through September. This research showed that educational institutions are twice as likely to be targeted by business email compromise (BEC) attacks compared to an average organization. The article highlights methods of attack and ways schools can protect themselves.

Another article on this topic from Ensemble highlights these spear-phishing attacks in healthcare settings and provides specific examples. It goes on to blueprint a two-pronged cybersecurity strategy involving both technology safeguards and behavioral changes.


RCM&D is here for you to help protect your cybersecurity. Talk to a trusted advisor today with any questions on these highlighted issues and beyond.