North Carolina Prohibits Paying Ransoms
North Carolina recently made headlines when it became the first state to not only prohibit its agencies and local governments from paying ransomware demands after falling victim to a ransomware attack, but also prohibit these entities from communicating with the threat actor. An article from BakerHostetler explains that, in theory, this approach will hopefully deter threat groups from targeting these entities and curb the rising loss activity this sector has experienced in recent years; however, this is still an unlikely solution. It’s also important to note that communicating with the threat actor with the support of expert negotiators often buys victims additional time they so desperately need to investigate and activate their incident response plans. It will be important to follow this legislation and monitor if other states will follow suit.
Malware Found in Popular Amazon Product
A KrebOnSecurity report summarized by IT Brew exemplifies the systemic exposure so many within the Cybersecurity space are concerned about. The report highlights weaknesses existing within defense and military smart ID systems, created by compromised access card readers. Experts quoted within the report go on to discuss how these weaknesses are exploited by bad actors to work their way through a targeted industry vertical, such as the Department of Defense (DoD).
How to Comply With CIRCIA
CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act of 2022) is a new federal law enacted this year. It applies to a subset of critical infrastructure agencies, including health care organizations, financial institutions, critical manufacturing, nuclear power plants, water, electrical and telecommunications. The law requires reporting of a cyber-incident to the federal government within 72 hours and then reporting within 24 hours in the event a ransom payment is made. The article includes some recommendations on steps companies that fall under the act can take now to help them comply with the law.
Six Common Mistakes to Avoid for Maximizing Your Cyber Insurance Claims
With cyber insurance still a new and evolving product, insurance companies are constantly rewriting their policies in response to ever-changing risk to minimize their potential exposure. Policyholders that are aware of the most common issues that insurance companies look for will increase their ability to effectively navigate around these changes. A recent Risk and Insurance article examines six typical policyholder mistakes that insurance companies have used as a basis to reduce coverage, with completing the application being among the first on the list.
RCM&D Partner BitSight Sits Down with Business Insurance
Aaron Aanenson, Senior Director and Cyber Insurance Thought Leader at BitSight (an RCM&D partner organization), recently discussed changes in the cyber market and what underwriters look for in a new interview with Business Insurance. Check out the interview for a helpful overview of how BitSight is helping organization’s navigate and prepare for the current disruptive cyber landscape.
Questions?
RCM&D is here for you to help protect your cybersecurity. Talk to a trusted advisor today with any questions on these highlighted issues and beyond.
To subscribe to the RCM&D Cyber News Bytes Newsletter, click here.