Comment Period Open for Defense Department’s Cybersecurity Maturity Model Certification Program Proposed Rule

On December 26, 2023, the Department of Defense (DoD) published its long-awaited proposed Cybersecurity Maturity Model Certification (CMMC) Program rule, which will impose comprehensive cybersecurity and compliance affirmation requirements on DoD contractors and subcontractors. Given that the eventual final rule could result in CMMC clauses in some DoD contracts as early as the first quarter of fiscal year 2025, interested parties are encouraged to submit comments on the proposed rule by February 26, 2024.

Read the full Alert on the Duane Morris LLP website.

Oregon Senator Proposes Robust Federal Privacy Legislation

Frustrated by privacy lapses by US companies, Democratic Senator Ron Wyden of Oregon has introduced proposed federal legislation referred to as the Mind Your Own Business Act (the Act). If enacted, this law could put serious teeth into efforts to protect consumer data.

Serious Penalties for Noncompliance

Indeed, the Act could cause certain executives to find themselves in prison for as many as twenty years if their companies are found to have lied to legal authorities about improper use of consumers’ personal information. On top of that, the Act could lead to such companies incurring special tax penalties corresponding to executives’ salaries.

If this were not enough, the Act would empower the Federal Trade Commission with the ability to fine companies for violating this law up to four percent of corporate annual revenues. For some companies, this could amount to fines in the billions of dollars.

Staying Ahead of Rampant Cyber-Attacks

Since the advent of the most rudimentary technology, criminal activity has followed. And in more recent times, the internet certainly has been no stranger to criminal enterprises. Indeed, governmental entities, companies and individuals are falling victim to all sorts of cyber-crimes on a constant basis. A look at just one criminal target drives home the rampant nature of online attacks.

Brace yourself for this – the City of London Corporation suffered almost one million cyber-attacks monthly for the first quarter of 2019, based on information obtained by Centrify as reported by infosecurity-magazine.com. That indisputably is a phenomenal number of attacks on the local authority which oversees capital housing for a good portion of the financial center in London.

FBI Warns of Cybercrimes Targeting Seniors

World Elder Abuse Awareness Day took place last week on June 15. This Awareness Day highlights how older populations are vulnerable to various forms of fraud and seeks to promote education and strategies to prevent the elderly from being victims of deception.

At the federal level here in the United States, the Elder Abuse Prevention and Prosecution Act was enacted in 2017, and the Department of Justice brought forth the Elder Justice Initiative. The purpose of the Initiative is to provide a platform for the DOJ “to combat elder abuse, neglect and financial fraud and scams that target our nation’s seniors,” according to an FBI press release. As a consequence, the FBI “has prioritized [its] efforts to address elder fraud.”

Regional initiatives to protect the elderly have been introduced in the United States as well. For example, the Phoenix Field Office of the FBI is seeking to create greater knowledge about “cyber scams targeting the elderly in Arizona” in recognition of World Elder Abuse Day, as stated in the FBI press release.

Top Crimes Against Seniors

As part of creating greater awareness, the press release points out that residents over the age of 60 made up most of the cybercrime victims in Arizona in 2018 and accounted for the majority of adjusted losses in that year, citing statistics from the FBI Internet Crime Complaint Center.

Ransomware: A Growing Threat

Ransomware, a method of electronically attacking corporations and individuals by holding their data hostage, has gained massive popularity amongst hackers in the last several years. Ransomware is the first form of malware to present the threats of both the destruction of important data and the economic harm the loss of that data can create. Ransomware attacks will continue to increase in scope and severity in years to come, necessitating continuous vigilance.

In essence, ransomware acts by taking data that is of value to an entity but not deleting it. The ransomware acts as a figurative glass wall, allowing the owner of the data to physically possess that data but not access it. This is accomplished by implanting a virus on the owner’s hard drive, usually by means of an infected link in an email or other innocuous-looking document. Once the link is clicked, the ransomware works by encrypting the entire storage system. The hackers then threaten to destroy the data unless a ransom is paid.

2017 saw some of the worst ransomware attacks to date, escalating exponentially in size and gravity over previous years. According to a study by the Kaspersky Lab, over 479 million attacks occurred from online sources during the first quarter of 2017, up by over 250 percent from years past. These attacks ranged across countries and industries, and plagued corporations of all sizes.

To read the full text of this article by Duane Morris attorneys Anjali Kulkarni and Joseph M. Burton, please visit The Bar Association of San Francisco website.

Tech Acumen: Many Companies Falling Behind

Corporate America and companies around the globe are spending vast amounts of money trying to keep up with all sorts of threats in this new digital age. So, how are companies really doing?

Unfortunately, not so well. Indeed, according to PwC’s 2017 Digital IQ Survey, as reported by PR Daily, barely more than half of IT executives from the US and 52 other countries reported that their companies have a “strong digital IQ.” This is down from 67 percent so reporting in 2016, and 66 percent in 2015.

FTC, FCC Flex Muscles

Duane Morris partner Joseph Burton was featured in a video on Bank Info Security on the impact of regulators involved in cybersecurity.

The Federal Trade Commission and the Federal Communications Commission are among U.S. regulators now starting to flex their muscles when it comes to enforcing cybersecurity standards, says Burton. What enforcement trends might we expect to see in 2017?

To view the video, please visit the Bank Info Security website.

What the Recent Cyberattack Means and Ways Businesses Can Protect Themselves

The unprecedented cyberattack on October 21, 2016, which crippled many of the Internet’s most widely trafficked sites, should be a wakeup call for businesses about the potential for hackers to weaponize common Internet-enabled devices and cripple businesses.

What Happened?

The cyberattack was caused in part by malware directed to more than 10 million Internet-connected devices, including DVRs, thermostats and closed-circuit video cameras. It caused a distributed denial-of-service attack (i.e., service interruption) that hit in three waves. Dyn, an Internet services company that directs Internet traffic, reported that the attack hit all of its 18 data centers globally. Early reports show that the disruption may be responsible for up to $110 million in lost revenue and sales. Perhaps most troubling is that the group claiming responsibility said the attack is merely a dry run for much larger attacks.

Is Your Business Prepared for a Ransomware Attack?

Ransomware attacks are on the rise and expected to reach epidemic proportions. The most publicized attack took place this year at the Hollywood Presbyterian Medical Center when it was forced to declare an “internal emergency” after a ransomware attack locked down its systems. Businesses that are viewed as offering a combination of valuable data and weak security may be seen as attractive to attackers. Some attackers have strictly financial motivations while others may simply be in it for “the data.”

According to Cisco’s Midyear Cybersecurity Report, email and malicious advertising are the primary ways ransomware infiltrates a system. Businesses often pay the ransom but even when paid, files may be lost or altered in ways that could be devastating to the business.

Cisco reports that companies entering into M&A deals often do not conduct enough due diligence on the risk posture of the acquired business and realize their shortcomings after the deal is done, when it is too late to remediate problems or when it’s harder to do so because the networks are intertwined.

What can you do? Robust security is clearly the first step to prevent attacks and that begins with the creation of a comprehensive privacy and security roadmap that addresses high risk areas, compliance gaps and specific tactics for incident preparedness. It is important to involve experienced counsel at the outset to not only advise on the array of federal and state privacy and cybersecurity laws and help develop the policy but also to direct any security investigation so that consultants can report potential vulnerabilities to outside counsel to protect potentially negative findings from discovery in future litigation.

On September 7th, the Federal Trade Commission will begin its series of seminars on new and emerging technologies with a workshop on ransomware.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.