Readings for senior management.
https://sloanreview.mit.edu/article/the-ransomware-dilemma/
The Ransomware Dilemma
The decision on whether to pay up when cybercriminals hold data hostage is shaped by choices leaders made long before an attack.
The ransomware business is booming: In the United States alone, this form of cyberattack increased in frequency by 200% between 2019 and 2021. It’s an urgent threat, but too many leaders are caught flat-footed when it happens to them. Ransomware is malicious software that uses encryption to prevent access to data on the infected machine, effectively paralyzing the computer system. The culprits behind the attack then demand payment in exchange for decrypting the files and restoring access to the infected systems. The tactic dates to the 1980s, but it became a prominent threat to businesses after 2010 with the rise of cryptocurrency, criminals’ preferred mode of payment.
It’s a threat riddled with uncertainties, which makes planning a response difficult. Many organizations just want to find the quickest way out, and that often means paying the ransom, even though the financial burden may be considerable and the outcome far from certain. In a recent study of 300 companies, 64% revealed that they had experienced a ransomware attack within the previous 12 months, and a staggering 83% of those paid the ransom. On average, only 8% of organizations that paid up recovered all of their data, while 63% got about half of it back.
Learn from your vendors. Risk mitigation benefits you both.
What your cyber insurance application form can tell you about ransomware readiness
The annual cyber insurance application form shows what the carriers think you should be doing to best prevent and recover from ransomware attacks. Pay attention.
Nothing new, but a bit more detail.
https://www.theguardian.com/world/2022/may/10/us-immigration-agency-ice-domestic-surveillance-study
US immigration agency operates vast surveillance dragnet, study finds
When cities and states passed ‘sanctuary’ laws to block police from aiding deportations, Ice found new ways to access private intel
US Immigration and Customs Enforcement (Ice) has built a vast digital surveillance system that gives it access to the personal details of almost every person in America, a two-year investigation by Georgetown University law center has found.
Researchers from the Center on Privacy & Technology on Tuesday released one of the most comprehensive reviews of Ice activities, concluding that the federal organisation has strayed well beyond its duties as an immigration body to become what is in effect a domestic surveillance agency.
Operating largely in secret and with minimal public oversight, Ice has amassed a formidable armory of digital capabilities that allows its agents to “pull detailed dossiers on nearly anyone, seemingly at any time”.
The vast mountain of data to which Ice now has access includes:
Driver’s license data for three of every four adults living in the US.
Data drawn from the utility records of 75% of adults, covering more than 218 million unique utility consumers in all 50 states.
Information on the movements of drivers in cities that contain 75% of the US population.
Facial recognition technology drawn from the driver’s license photos of at least a third of all adults.
The Georgetown researchers base their report, American Dragnet: Data-Driven Deportation in the 21st Century, on hundreds of freedom of information requests and a review of more than 100,000 previously unseen Ice spending transactions.
Only 45 more to go!
https://www.huntonprivacyblog.com/2022/05/10/connecticut-enacts-consumer-privacy-law/
Connecticut Enacts Consumer Privacy Law
On May 10, 2022, Connecticut Governor Ned Lamont signed An Act Concerning Personal Data Privacy and Online Monitoring, after the law was previously passed by the Connecticut General Assembly in April. Connecticut is now the fifth state to enact a consumer privacy law.
Sounds like it would be easy to duplicate. I bet it’s not…
How a Machine-Learning Program Finds Litigation Financing Deals
… Legalist’s application crawls government databases, including Pacer, as well as more than 200 databases representing state courts and government contractors.
The program — which Shang’s team calls a “truffle sniffer” — looks for static variables like defendants or lawyers, as well as time series variables, which include the events associated with cases. The technology is looking for key litigation dates, such as “creditor motions” in a bankruptcy.
Then, machine learning comes in. The app classifies the data by the type of case, individual, and event, among other variables, creating a decision tree that ultimately leads to a decision on whether the firm will finance the case.
… There are, of course, still errors. Shang said the litigation fund has about an 80 percent success rate. But her team tries to limit potential losses with its standardized process.
No comments:
Post a Comment