CSO reports: Zero-day exploits, supply chain attacks fuel 72% increase over previous record for incidents of compromise. Another increase is expected for 2024. A new record for data breaches reported to the Identity Theft Resource Center (ITRC) was set in 2023, spurred by zero-day and supply chain attacks, according to the organization’s annual data breach report released Thursday. The report…
Category: Commentaries and Analyses
Interview with the Knight Group, the heir of Cyclops
Marco A. De Felice, aka amvinfe, writes: It happens very often nowadays to witness the sudden disappearance of ransomware groups that have been active for only a few months. In the last three years, we have counted at least twenty of them that have “vanished from the radar” of journalists and researchers. Some of these…
Current Issues In Data Breach Class Action Settlements
Mark A. Olthoff, Shundra Crumpton Manning of Polsinelli PC summarize some issues raised by recent class action decisions: Very few civil cases ever reach a jury. Nearly every lawsuit is at some point resolved by the court on motion or through settlement. Class action cases are no different, including those filed after data breach incidents….
K-12 Cybersecurity Spending, Insurance on the Rise
Government Technology reports: While school districts have a heightened awareness of cyber attacks and are increasingly improving their defense systems, most indicate that they still need dedicated personnel to better protect their data in addition to stronger collaboration from staff, according to an annual survey by the school software company Clever. Clever’s 27-page report, released this…
University of Twente Maps Decision-Making Process for Ransomware Victims
The UT investigated the decision-making process of victims who had to pay ransoms during ransomware attacks. UT researcher Tom Meurs and his colleagues analyzed 481 ransomware attacks, data from the Dutch police and a Dutch incident response party. Organizations with recoverable backups in particular were often better able to avoid paying ransoms. Data exfiltration led…
Dutch SA Sanctions Credit Card Company for Failure to Perform Data Protection Impact Assessment
Kristof Van Quathem of Covington and Burling writes: In December 2023, the Dutch SA fined a credit card company €150,000 for failure to perform a proper data protection impact assessment (“DPIA”) in accordance with Art. 35 GDPR for its “identification and verification process”. First, the Dutch SA decided that the company was required to perform a DPIA…