Cyber Attacks Are Rising, New Cyber Security Legislation

Cyber Attacks Rising

The latest statistics from the Federal Bureau of Investigation (FBI) demonstrate that no industry is exempt from cyber attacks, which are increasing in frequency and impact. Per the FBI, losses from Business Email Compromise (BEC) attacks surpassed $43 billion globally and are rising.

These losses, which the FBI calls “exposed losses,” include both actual and attempted losses reported between June 2016 and December 2021. The FBI noted an increase of 65 percent during that time, most likely spurred by the COVID-19 pandemic, which forced many individuals to shift to virtual work from remote environments that are typically less secure than their corporate network.

Ransomware attacks continue to be a significant problem as well. Ransoms are increasing and data is no longer merely encrypted and held for ransom. Recent research has shown that roughly 40 percent of all newly discovered ransomware includes data exfiltration as part of the attack process.

The exfiltrated (stolen) data is “dumped” on “shame” sites where hackers post names of corporate ransomware victims along with samples of stolen information to increase the likelihood the victim will pay a ransom. This is known as “Double Extortion”. In some cases, the hackers will demand ransoms from individuals whose data was among those stolen, which is known as the “Triple Extortion” ransomware threat.

What Is the Strengthening American Cybersecurity Act?

The Strengthening American Cybersecurity Act (S. 3600) was signed into law by President Biden earlier this year to help combat these and other cybersecurity-related issues.

Key points of the new law include:

  • It only applies to particular companies that it calls covered entities. The rules for what is considered a covered entity are still being finalized, but, in general, it applies to companies that are part of the U.S. critical infrastructure (finance, transportation, energy and other sectors).
  • Covered entities are required to report cyberattacks to the federal government within 72 hours of the incident’s start — or within 24 hours if a ransom has been paid.
  • Covered entities must also preserve all data related to any cyber incident or ransom payment and provide the Cybersecurity and Infrastructure Security Agency (CISA) with updates on incidents until they are fully resolved.
  • CISA, a division of the Department of Homeland Security (DHS), will be at the helm of the federal government’s response to major cyber incidents within four years.
  • Specific guidelines for which companies are covered entities, what data must be preserved and other details related to this law are still being defined — a process called rulemaking that may take as long as two years.

If your company is likely to be considered a public entity, you should monitor the rulemaking process and take steps now to prepare for the new disclosure obligations and the potential for overlapping obligations.

Whether or not your company is considered a covered entity, you should take the opportunity to revisit your cybersecurity posture, including your tools, policies, procedures and programs. Regulations will likely expand to other industries: when the cyber security landscape changes for one industry, it often bleeds into others sooner or later.

Additionally, cyber insurance providers are becoming much more stringent with regard to whom they will insure and what security measures they demand. For those businesses that can get insurance, premiums are rising rapidly, especially if your cybersecurity posture is weak, which is yet another reason to act now.

You can find some great insight on the current state of the cyber insurance market in this recent article from The Wall Street Journal, “Buying Cyber Insurance Gets Trickier as Attacks Proliferate, Costs Rise.”

Two More Cybersecurity Bills Passed in June

In June 2022, two bipartisan cybersecurity bills were signed into law by President Biden: the Federal Rotational Cyber Workforce Program Act of 2021, and the State and Local Government Cybersecurity Act of 2021.

Together these bills intend to:

  • Improve collaboration between DHS and state, local, tribal and territorial governments.
  • Require the National Cybersecurity and Communications Integration Center (NCCIC) to coordinate with the Multi-State Information Sharing and Analysis Center (MS-ISAC) to aid state, local, tribal and territorial government entities with cybersecurity exercises, training, and education and awareness.
  • Provide a rotating workforce for cyber security efforts across federal agencies.

What It Means for Your Business

While governments try to shore up cybersecurity regulation and provide support and guidance, protecting your business still falls squarely in your court. Our certified experts have been helping businesses understand and defend against the myriad cyber threats being thrown at them since 1992.

Here are some free resources to help you improve your cybersecurity posture:

You can also contact us or book a meeting to discuss your IT and security needs today. We’re here and ready to help.

Dave Hatter

Dave Hatter (CISSP, CCSP, CCSLP, CISA, CISM, PMP and ITIL) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.
