The Rise of Ransomware
The Media Sonar research team asked 605 security professionals what threats they have seen most frequently in 2021. Almost 70% responded that ransomware was the most frequent, followed by supply chain threats (17%) and threats from the hybrid workforce (9.8%). Of those who selected “Other”, common threats specifically mentioned included phishing, business email compromise (BEC), CEO fraud, account takeover, and social engineering attacks.
While the EU’s GDPR has strict reporting laws when it comes to the personal information held by companies, the rules in the US are far more lax and a bit fuzzy. There is no federal regulation that requires companies to report breaches, outside of rules relating to patient records or other forms of personally identifiable information (PII).
But all that is about to change. Congress is currently considering a bill that would require organizations that make a ransom payment to report that payment to the Director of the Cybersecurity and Infrastructure Security Agency (CISA), a division of the U.S. Department of Homeland Security, within 24 hours of the payment.
The “Cyber Incident Reporting Act of 2021” would apply to critical infrastructure organizations, nonprofits, businesses with more than 50 employees, and all state and local governments. The bill would also require critical infrastructure companies to report any cyber incident within 72 hours.
And that’s not all. The government wants to be able to analyze the methods and tactics of cybercriminals, so companies would be required to do more than simply report that a breach occurred or that a ransom was paid. The proposed regulation would require companies to provide detailed information on how the breach happened, what security measures were in place, and how the attackers got around them.
The proposed law has important implications. MSPs, in particular, need to start upping their security game when it comes to preventing breaches in the first place, responding quickly to incidents when they do occur, and better protecting each client’s brand.