A bipartisan group of 14 United States senators recently introduced proposed legislation that would require federal contractors and operators of critical infrastructure to disclose any cyber intrusion within 24 hours. A copy of the proposed legislation can be found here.
Currently, there is no federally mandated reporting requirement for cyberattacks on American infrastructure targets. The newly proposed legislation is designed to prevent these attacks from going unreported and uninvestigated.
Phishing attacks are simple, widely used and highly effective — and they can be devastating to the people and organizations they target. In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss sits down with Art Ehuan, vice president of Palo Alto Networks, and Chris Holden, chief information security officer at Crum & Forster, to discuss practices and defense strategies to keep phishing attacks at bay.
The regulation of cybersecurity remains a new and rapidly evolving space — and regulatory activity and priorities can be somewhat opaque to outside observers. In this special episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss shares a discussion led by Faegre Drinker’s Peter Baldwin, who sat down with Brent Wilner, senior advisor to the Securities and Exchange Commission’s (SEC) Cyber Unit, and Justin Herring, leader of the New York Department of Financial Services’ (NYDFS) Cybersecurity Division. The two guests share their insights on each agency’s priorities in cybersecurity, data protection and enforcement.
The California Office of the Attorney General, under the leadership of new Attorney General Rob Bonta, has taken significant actions in recent weeks indicating that it is ramping up and potentially adding a new area of focus in its enforcement of the California Consumer Privacy Act. Read on for some important considerations for businesses.
Continue reading “A New Sheriff in Town: Enforcement of the CCPA Picks Up Under Bonta”
On July 2, 2021, Kaseya Ltd., a Florida-based firm that provides software tools to thousands of primarily small and mid-sized businesses, became the latest victim of a high-profile ransomware attack. The attack is believed to have affected as many as 1,500 of Kaseya’s customers throughout the world, including at least 200 businesses in the United States. The attackers, who have claimed association with the Russia-linked REvil ransomware gang, have demanded an astronomical $70 million ransom to restore services for affected businesses.
The Kaseya attack was particularly devastating and effective because it was a supply chain attack, meaning it targeted a type of software that many other companies use to manage and distribute software updates. Thus, the attack not only affected Kaseya, but also potentially all of its customers.
Continue reading “Kaseya: The Latest High-Profile Ransomware Attack”
With Colorado Governor Jared Polis expected to sign the Colorado Privacy Act, SB-190 into law in the coming days, Colorado will join California and Virginia as the third state with a comprehensive data privacy law.1 The Colorado Privacy Act (“CPA”)—which passed with bipartisan support in both the Colorado House and Senate—is similar, but not identical, to the California and Virginia data privacy laws. Although its provisions will not take effect until July 1, 2023, the passage of the CPA grows the patchwork of state privacy regimes and may spur further calls for a uniform federal standard, as compliance for businesses becomes increasingly complicated.
