fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

The Ransom Disclosure Act would give victims 48 hours to report payments

The Ransom Disclosure Act would give victims 48 hours to report payments

Victims of ransomware attacks in the United States may soon have to report any payments to hackers within 48 hours, according to a new legislation proposal titled the ‘Ransom Disclosure Act’.

The bill was drafted by U.S. Senator Elizabeth Warren and Representative Deborah Ross, and its goal is to strengthen DHS’s (Department of Homeland Security) understanding of how cybercriminal gangs operate.

As the Senator stated, ransomware attacks are on the rise despite the multi-faceted efforts to tackle the problem, so getting to learn more about how money circulates in the underground may help the authorities develop and implement more effective disruption and prevention strategies.

Also Read: 7 Principles of Personal Data Processing

The four main points of the Ransom Disclosure Act are the following:

  • Require ransomware victims (excluding individuals) to disclose information about ransom payments no later than 48 hours after the date of payment, including the amount of ransom demanded and paid, the type of currency used for payment of the ransom, and any known information about the entity demanding the ransom;
  • Require DHS to make public the information disclosed during the previous year, excluding identifying information about the entities that paid ransoms;
  • Require DHS to establish a website through which individuals can voluntarily report payment of ransoms;
  • Direct the Secretary of Homeland Security to conduct a study on commonalities among ransomware attacks and the extent to which cryptocurrency facilitated these attacks and provide recommendations for protecting information systems and strengthening cybersecurity.

The approach of forcing victims to disclose payments to hackers has always been met with controversy, as many believe that it would merely result in making ransomware attack repercussions more severe.

This strategy could lead to occasions where the business disruption would be lengthened and restoration of normal operations would be delayed due to the additional scrutiny.

The case becomes particularly complicated when the ransom payment ends up in the pockets of an entity that is sanctioned in the U.S.

The Treasury Department has recently updated its advisory to American companies, to emphasize that they are prohibited from paying actors in embargoed countries and entities in the SDN List. In many cases, this alone could deadlock a victimized company.

It is expected that a stricter legal context will push firms to adopt more robust security practices, following better backup strategies, and generally upgrading their stance against ransomware actors.

Also Read: The 12 Important Details for Employment Contract Template

However, eliminating the risk completely is practically impossible, so in many cases, the Ransom Disclosure Act will just play the role of an additional burden. If this “weight” will end up having positive effects in the long term, as Senator Warren believes, it remains to be seen.

Of course, for all that to take effect, the bill will first have to pass through a Senate voting, then the House of Representatives, and finally to be signed by U.S. President Joe Biden. 

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us