Category: Privacy



Emerging Cyber-Security Threats for 2020: The Rise of Disruptionware and High-Impact Ransomware Attacks

Share

Disruptionware is defined by the Institute for Critical Infrastructure Technology (ICIT) as a new and “emerging category of malware designed to suspend operations within a victim organization through the compromise of the availability, integrity and confidentiality of the systems, networks and data belonging to the target.”  New forms of disruptionware can be a more crippling form of cyber-attack than other more “garden-variety” malware and ransomware attacks. This is the case since, as the ICIT notes, disruptionware not only attempts to encrypt and deny users access to their data, but works as a “layered attack” designed to “disrupt operations and production in manufacturing or industrial environments (as well as infrastructure) in order to achieve some other strategic goal.”

Continue reading

How We Spent Our Summer Vacation or Summary of CCPA Amendments

Share

The long anticipated amendments to the CCPA were passed by the California Legislature in early September and now await Governor Newsom’s signature.  Some of the changes were “clean up” amendments to update cross references, standardize language, and generally address issues of drafting.  What follows is a summary of the most significant and substantive amendments:

Continue reading

Newly-Discovered Vulnerability Highlights the Security Concerns Surrounding Bluetooth Technology

Share

A recent report by researchers at the Helmholz Center for Information Security (CISPA), Singapore University of Technology and Design, and the University of Oxford has revealed that Bluetooth technology is vulnerable to a new type of hacking which allows for an attacker to carry out data theft on a Bluetooth-enabled device without the user’s knowledge or permission so long as the cyber-criminal is within Bluetooth range of the targeted device.

Continue reading

Data Privacy Exposure Hits the Public Sector: Lessons from the OPM Data Breach Class Action, Whistleblower Actions, and the GAO Cybersecurity Report

Share

Data privacy litigation and enforcement actions continue to roil the private sector, most recently with the FTC’s announcement of a $425 million settlement with Equifax in the wake of the Equifax data breach. Less discussed is the fact that data privacy and security remains a real threat in the public sector. As we recently reported, the 2019 Verizon Data Breach Investigations Report found that 16% of confirmed data breaches were in the public sector. Three recent developments highlight the breadth and scope of the threat, reflecting that federal agencies and government contractors remain vulnerable to cyberattacks and may be subject to liability for cybersecurity failures.

Continue reading

California’s BOT Disclosure Law, SB 1001, Now In Effect

Share

The B.O.T. (“Bolstering Online Transparency”) Act, enacted last year pursuant to SB 1001, has gone into effect in California. As of July 1, it is unlawful for a person or entity to use a bot to communicate or interact online with a person in California in order to incentivize a sale or transaction of goods or services or to influence a vote in an election without disclosing that the communication is via a bot. The law defines a “bot” as “an automated online account where all or substantially all of the actions or posts of that account are not the result of a person.” The required disclosure must be clear, conspicuous, and reasonably designed to inform persons with whom the bot communicates or interacts that it is a bot.

The law is the first of its kind enacted by a state legislature and applies only to communications with persons in California. In addition, it applies only to public-facing Internet Web sites, applications, or social networks that have at least 10 million monthly U.S. visitors or users. While the law contains no private right of action and expressly “does not impose a duty on service providers of online platforms,” failure to abide by the disclosure requirement, as enforced by the Attorney General, may constitute a violation of California’s unfair competition laws and result in fines and equitable remedies.

As Cyberattacks Rise, U.S. Business Readiness Falls

Share

Two recent reports reflect that cyberattacks and resulting data breaches continue to threaten U.S. companies and public entities. The Hiscox Cyber Readiness Report (April 23, 2019), compiled from a survey of more than 1,000 U.S. cybersecurity professionals at private companies and public-sector entities with 50 to 1,000+ employees, found that 53% of firms reported at least one cyberattack – up from 38% in 2018. Interestingly, only 11% of U.S. firms qualified as experts based on their cybersecurity preparedness and responses – down from 26% in last year’s survey; 16% of firms ranked as intermediate, and the remaining 73% ranked as novice. These statistics reflect a continuing need for public- and private-sector emphasis on cybersecurity preparedness and incident response.

Continue reading

« Older posts

©2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Privacy Policy