Data Breach Notification
The number of data breaches are going up AND they are increasing in severity. COVID only compounded the issue, paving the way for cyber criminals to target new victims in the healthcare industry, financial sector, remote workers as well as the unemployed.
Did You Know:
So why talk about data breaches now?
Congress will be focusing on proposing and passing a National Data Breach Notification Law. To promote a more secure national cyber ecosystem, the Cyberspace Solarium Commission is recommending standardized data breach notification requirements in the United States that preempts the 54 existing state, district, and territorial data breach notification laws. Currently, a patchwork of varying protections litter the landscape. A national level framework would normalize customer expectations and provide regulatory certainty to businesses.
Congressman Jim Langevin is the chair of the newly formed Cyber, Innovative Technologies and Information Systems (CITI), a subcommittee under the Armed Services Committee. He is also the co-chair of the Congressional Cybersecurity Caucus and a member of the Cyberspace Solarium Commission—this legislation is on his radar.
During the course of our investigative work, Fortalice has observed an increasing and alarming trend: personal email compromise is leading to business email compromise. Threat actors will leverage weaknesses regarding executives’ or board members’ personal cybersecurity hygiene to gain access to their business accounts. Extortion also remains a top cybersecurity threat, with organized criminals overseas routinely targeting corporations and the people who support them.
Silicon Valley Bank (SVB) was shuttered early this month and had its deposits seized in the largest U.S. bank failure since the 2008 financial crisis. Although it may seem like SVB’s collapse will only impact its direct customers and depositors, it is far more complicated. Like vultures to roadkill, cyber scammers often wait to exploit and target victims after tragedy strikes, or bad news arises. A perfect storm of stress, uncertainty, and urgency for customers and vendors alike during this time can impair someone’s judgement when they click links and open emails they otherwise would ignore or delete. Fortalice has outlined a few different ways cybercriminals social engineer their victims during times of extreme distress and insecurity.