Community Edition
Total Tests:
This Week:
Today:
Cyber Law Blog
Phobos Ransomware Admin Extradited From South Korea
November 21, 2024
Dark Web Crypto Mixer Founder Sentenced to Over 12 Years for Money Laundering
November 14, 2024
Global Сybercrime Сrackdown Takes Down Over 22K Malicious IPs And Servers
November 7, 2024
REvil Gang Members Sentenced
October 31, 2024
US Cop Indicted Over Buying Stolen Data
October 24, 2024
Stay in Touch

Get exclusive updates and invitations to our events and webinars:


Your data will stay confidential Private and Confidential

ImmuniWebInternational Media Coverage

Ransomware gang grasses up uncooperative victim to US regulator

By Alex Scroxton for ComputerWeekly
Thursday, November 16, 2023

Designed to foster transparency and accountability over cyber attacks, the rule has divided the security community because while many support the idea in principle, the concept of what constitutes a “material” breach is rather vague. Others believe it may hand an advantage to attackers.

Ilia Kolochenko, chief architect at ImmuniWeb and adjunct professor of cyber security and cyber law at Capitol Technology University in Maryland, commented: “Misuse of the new SEC rules to make additional pressure on publicly traded companies was foreseeable. Moreover, ransomware actors will likely start filing complaints with other US and EU regulatory agencies when the victims fail to disclose a breach within the timeframe provided by law.

In emailed comments, Kolochenko told Computer Weekly: “Having said that, not all security incidents are data breaches, and not all data breaches are reportable data breaches. Therefore, regulatory agencies and authorities should carefully scrutinise such reports and probably even establish a new rule to ignore reports uncorroborated with trustworthy evidence, otherwise, exaggerated or even completely false complaints will flood their systems with noise and paralyse their work.

He added: “Victims of data breaches should urgently consider revising their digital forensics and incident response (DFIR) strategies by inviting corporate jurists and external law firms specialised in cyber security to participate in the creation, testing, management and continuous improvement of their DFIR plan.

“Many large organisations still have only technical people managing the entire process, eventually triggering such undesirable events as criminal prosecution of CISOs and a broad spectrum of legal ramifications for the entire organisation. Transparent, well-thought-out and timely response to a data breach can save millions.” Read Full Article


Previous Media Publications:

Infosecurity Magazine: Ransomware Group Reports Victim to SEC

Tech Monitor: BlackCat hacks company, reports victim to SEC

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential