Cyber Attacks Are Rising, New Cyber Security Legislation

Cyber Attacks Rising

The latest statistics from the Federal Bureau of Investigation (FBI) demonstrate that no industry is exempt from cyber attacks, which are increasing in frequency and impact. Per the FBI, losses from Business Email Compromise (BEC) attacks surpassed $43 billion globally and are rising.

These losses, which the FBI calls “exposed losses,” include both actual and attempted losses reported between June 2016 and December 2021. The FBI noted an increase of 65 percent during that time, most likely spurred by the COVID-19 pandemic, which forced many individuals to shift to virtual work from remote environments that are typically less secure than their corporate network.

Ransomware attacks continue to be a significant problem as well. Ransoms are increasing and data is no longer merely encrypted and held for ransom. Recent research has shown that roughly 40 percent of all newly discovered ransomware includes data exfiltration as part of the attack process.

The exfiltrated (stolen) data is “dumped” on “shame” sites where hackers post names of corporate ransomware victims along with samples of stolen information to increase the likelihood the victim will pay a ransom. This is known as “Double Extortion”. In some cases, the hackers will demand ransoms from individuals whose data was among those stolen, which is known as the “Triple Extortion” ransomware threat.

What Is the Strengthening American Cybersecurity Act?

The Strengthening American Cybersecurity Act (S. 3600) was signed into law by President Biden earlier this year to help combat these and other cybersecurity-related issues.

Key points of the new law include:

  • It only applies to particular companies that it calls covered entities. The rules for what is considered a covered entity are still being finalized, but, in general, it applies to companies that are part of the U.S. critical infrastructure (finance, transportation, energy and other sectors).
  • Covered entities are required to report cyberattacks to the federal government within 72 hours of the incident’s start — or within 24 hours if a ransom has been paid.
  • Covered entities must also preserve all data related to any cyber incident or ransom payment and provide the Cybersecurity and Infrastructure Security Agency (CISA) with updates on incidents until they are fully resolved.
  • CISA, a division of the Department of Homeland Security (DHS), will be at the helm of the federal government’s response to major cyber incidents within four years.
  • Specific guidelines for which companies are covered entities, what data must be preserved and other details related to this law are still being defined — a process called rulemaking that may take as long as two years.

If your company is likely to be considered a public entity, you should monitor the rulemaking process and take steps now to prepare for the new disclosure obligations and the potential for overlapping obligations.

Whether or not your company is considered a covered entity, you should take the opportunity to revisit your cybersecurity posture, including your tools, policies, procedures and programs. Regulations will likely expand to other industries: when the cyber security landscape changes for one industry, it often bleeds into others sooner or later.

Additionally, cyber insurance providers are becoming much more stringent with regard to whom they will insure and what security measures they demand. For those businesses that can get insurance, premiums are rising rapidly, especially if your cybersecurity posture is weak, which is yet another reason to act now.

You can find some great insight on the current state of the cyber insurance market in this recent article from The Wall Street Journal, “Buying Cyber Insurance Gets Trickier as Attacks Proliferate, Costs Rise.”

Two More Cybersecurity Bills Passed in June

In June 2022, two bipartisan cybersecurity bills were signed into law by President Biden: the Federal Rotational Cyber Workforce Program Act of 2021, and the State and Local Government Cybersecurity Act of 2021.

Together these bills intend to:

  • Improve collaboration between DHS and state, local, tribal and territorial governments.
  • Require the National Cybersecurity and Communications Integration Center (NCCIC) to coordinate with the Multi-State Information Sharing and Analysis Center (MS-ISAC) to aid state, local, tribal and territorial government entities with cybersecurity exercises, training, and education and awareness.
  • Provide a rotating workforce for cyber security efforts across federal agencies.

What It Means for Your Business

While governments try to shore up cybersecurity regulation and provide support and guidance, protecting your business still falls squarely in your court. Our certified experts have been helping businesses understand and defend against the myriad cyber threats being thrown at them since 1992.

Here are some free resources to help you improve your cybersecurity posture:

You can also contact us or book a meeting to discuss your IT and security needs today. We’re here and ready to help.

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.
