The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated companies should “implement these controls whenever possible” and report any successful deployment of ransomware or unauthorized access to privilege accounts to the NYDFS under its established […]
Cybersecurity
DOJ Seizure of Ransom Payment Signals More Aggressive Stance by U.S. Government
Following the creation of the DOJ’s Ransomware and Digital Extortion Task Force in April 2021 and on the heels of the Biden administration’s characterization of ransomware as a national security threat, on June 7, 2021, the DOJ announced it has seized $2.3 million (63.7 bitcoin) in proceeds from a recent ransom paid to DarkSide in […]
The Supreme Court Narrows The Scope of The Computer Fraud and Abuse Act
Today, the Supreme Court issued a long-awaited decision in Van Buren v. United States interpreting the meaning of “exceeds authorized access” under the Computer Fraud and Abuse Act (“CFAA”). The 6-3 majority, led by Justice Barrett and joined by Justices Breyer, Sotomayor, Kagan, Gorsuch, and Kavanaugh, rejected the Government’s broad definition of this phrase. While […]
New York and Illinois Regulators Recommend Third Party Cybersecurity Review For Specific Vulnerabilities
This month, the Illinois Department of Insurance issued guidance to insurers recommending assessments in response to a Microsoft Exchange vulnerability, detailed in the guidance. In the Bulletin dated May 5, the Department encourages regulated entities to “assess the risk to their systems and consumers and take steps necessary to address vulnerabilities and customer impact.” The […]
Executive Order Details Cybersecurity Changes For Public And Private Sector
In a lengthy Executive Order issued on May 12, 2021 (the “Order”), the Biden Administration has taken steps “to make bold changes and significant investments” in both public and private sector cybersecurity “in order to defend the vital institutions that underpin the American way of life.” The full scope of the Order remains to be […]