Digital Guardian's Blog

DOJ Aims to Keep Companies Accountable with Cyber-Fraud Initiative

by Chris Brook on Monday October 18, 2021

Companies that fail to follow required cybersecurity standards could soon be a target under the DOJ's new Civil Cyber-Fraud Initiative.

The Justice Department is ratcheting up its enforcement capabilities to hold companies that receive federal funds and fall victim to a cyberattack accountable.

Companies that fail to safeguard sensitive information and critical systems, whether through less than robust services or by lying about the mitigations they have in place, will be targets under a new project, the Civil Cyber-Fraud Initiative.

The initiative will also take to task organizations that fail to properly report cybersecurity incidents and breaches.

“For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it,” said Deputy Attorney General Monaco. “Well that changes today. We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards — because we know that puts all of us at risk. This is a tool that we have to ensure that taxpayer dollars are used appropriately and guard the public fisc and public trust.”

Deputy Attorney General Lisa O. Monaco announced the initiative earlier this month, pointing out that the department would be using the False Claims Act, a law that imposes liability on companies who defraud government programs, to go after government contractors and grant recipients that haven’t adopted and maintained cybersecurity best practices.

While the DOJ doesn’t explicitly say what those may be, recommendations recently issued by the Cybersecurity and Infrastructure Security Agency (CISA) for avoiding ransomware attacks are probably a good example of what the department is hoping organizations follow.

Organizations, if they haven't already, may also want to familiarize themselves with the letters and advisories issued by the US Department of Treasury on sanction risks for facilitating ransomware payments and by Deputy National Security Advisor Anne Neuberger to corporate executives on their responsibility to protect against cyber threats.

The initiative is a “direct result” of the DOJ's 120-day comprehensive review into its cybersecurity strategy, ordered by Monaco this past May. It was around that time, following the hacks of Colonial Pipeline and the meat packaging company JBS, that Monaco stressed the importance of having protocols in place to prevent and respond to ransomware attacks. The review was also intended to scope out issues involving the popularity of artificial intelligence and supply chain attacks like the SolarWinds incident from last year.

According to Monaco, the initiative will be led by the Civil Division’s Commercial Litigation Branch, Fraud Section. The Commercial Litigation Branch brings claims on behalf of the U.S. and defends claims against the U.S.; it also has sections in charge of overseeing intellectual property, foreign litigation, and financial litigation.

The initiative should help keep organizations honest when it comes to protecting government information and infrastructure, maintaining modern cybersecurity practices, and ensuring a cadence is met as far as identifying, creating, and publicizing patches.

Tags: Government

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.