The Industry’s Only SaaS-Delivered Enterprise DLP
Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.
No-Compromise Data Protection is:
- Cross Platform
- Flexible Controls
Ransomware debates, spyware indictments, and CISA confirmations- catch up on all of the week's infosec news with the Friday Five!
1. Would companies even abide by a ransomware payments ban? by Joe Uchill
This story examines whether companies would follow a new federal policy banning ransomware payments. In a new survey, only 40% of firms said they would consider not paying a ransom, despite the idea being a popular solution floated from politicians and others to disincentivize ransomware. The article considers both arguments that paying ransoms incentivizes and strengthens cybercriminals while acknowledging that some businesses pay ransoms as they lack the proper backups to restore their systems quickly and can’t afford a sustained shutdown of their systems. Ultimately, solving the ransomware crisis will require addressing the root causes that allow ransomware to be effective rather than the band-aid of banning payments of ransoms.
2. How Cyber Safe is Your Drinking Water Supply by Brian Krebs
In a look at the security of critical infrastructure, Brian Krebs explores how the majority of drinking water treatment systems in the U.S. haven’t taken basic steps to protect their networks. In a concerning survey result, 67.9% of water systems reported no IT security incidents in the last 12 months, an unlikely scenario that shows that local departments are probably not actively looking for threats. The story also covers some of the higher profile attempted hacks of water infrastructure of late and how the vast majority of water utilities do not need to report to the EPA on their cybersecurity practices because most serve fewer than 3,300 residents. Furthermore, many utilities face a challenge when it comes to hiring qualified professionals in the rural areas where they operate. The challenges highlighted in the story are a reminder of how imperative it is that the U.S. secure its critical infrastructure.
3. Hit by a ransomware attack? Your payment may be deductible by Alan Suderman and Marcy Gordon
This interesting story looks at whether ransom payments are tax deductible. The concern is that if the payments are deductible, it could serve as another incentive for cybercriminals to attack, as tax write-offs could result in more companies being inclined to pay. A deduction for a ransomware attack fits within the historic pattern of companies being able to deduct for crimes like robbery or embezzlement. One caveat is that companies cannot take a deduction if the payment is covered by cyber insurance. Though ransomware is becoming more common, many experts are encouraging the IRS to avoid making the payments deductible as it may normalize ransomware.
4. French Spyware Executives Are Indicted for Aiding Torture by Sidney Fussell
In a potentially significant privacy ruling, French authorities indicted four executives of a surveillance firm for complicity in war crimes and torture. The executives are accused of supplying surveillance tools to Libya and Egypt. The tools were then used by the authoritarian regimes to identify, spy on, and target activists and dissidents. The indictments may be the start of a crackdown on the largely unregulated surveillance industry.
5. Senate fails to confirm new CISA director before two-week break, drawing criticism by Tonya Riley
The Senate has failed to confirm the new director of CISA as it heads into its two-week recess. It’s incredibly important that the position be filled because of the current ransomware crisis and the series of high profile cyberattacks in the past year. CISA’s responsibilities include: defending the nation’s critical infrastructure, election security, and defending civilian agency networks. The vote on the nomination was blocked by Senator Rick Scott of Florida who claimed he will block the vote until Vice President Harris visits the southern border. There was widespread frustration with the politicization of the nomination process for such an important position, and hopefully, the position is filled soon to address the myriad cyber threats facing the United States.