Saturday, April 20 2024

The European Council extended a framework that penalizes cyber-attacks against EU or member countries for another year. The framework, part of the EU cyber diplomacy toolbox, aims to strengthen Europe’s resilience against cyber threats.

The measures include travel restrictions and freezing assets of individuals or entities responsible for facilitation of cyberattacks. The sanctions currently apply to Russian, Chinese, and North Korean individuals and entities, although the framework is important for all organizations because parties beyond the cyber attackers can be penalized.

In a recent blog post, Steptoe & Johnson LLP warned companies facing ransomware payment requests to consider the framework. Despite attribution challenges, “payment to listed persons amount to a violation of sanctions regime.” Financial institutions and insurance companies are similarly affected by facilitating payments or providing cyber coverage that includes ransom payments.

Indeed, in the start of what could be a trend, global insurer AXA said earlier this month that it would no longer issue cyber-insurance policies in France that reimburse customers for ransomware payments to criminal groups.

The EU framework is part of a regulatory trend towards increased scrutiny of ransomware payments. The Biden administration’s Executive Order “sets the stage for an uptick in similar actions” in the US, said Alex Sharpe, principal at Sharpe Management Consulting.

While certainly “a step in the right direction,” the Executive Order does not go far enough, according to XPAN Law Partners managing partner Rebecca L. Rakoski. US domestic organizations face a “patchwork of guidelines and standards without clear guidance” from the Federal Government, she stated.

Considering the current lack of clear, substantial legislative and regulatory frameworks, legal ambiguities, and competing interests, the world finds itself at a crossroads. Until fundamental changes are made to legislative and regulatory frameworks, we remain at an “uncomfortable time,” said Sharpe.

Previous

US Infrastructure Plan Includes Billions for Cybersecurity Improvements

Next

Third-Party Cloud Service Misuse Exposes Over 100M Users’ Data

Check Also

Widget

Don’t Miss

The words Endpoint Detection and Response (EDR) on a green background with lines on the right side of the image

Best Endpoint Detection & Response Platforms

Lara Oporto

Endpoint Detection & Response platforms continuously monitor endpoints for signs of malicious activities, such as unauthorized access or unusual behavior, enabling rapid detection and response to potential cyber threats to safeguard organizational assets. What is Endpoint Detection and Response and how does it work? Endpoint Detection and Response (EDR) is a cornerstone in modern cybersecurity […]

AT&T AlienVault Products Review: OSSIM vs USM

Ellie Buscemi

AlienVault is now the technological basis for AT&T AlienLabs and provides multiple products for different companies’ cybersecurity needs. What AT&T AlienVault Products are Available? In December 2021, CISOstack reported that AT&T intended to acquire AlienVault to expand its cybersecurity offerings to more businesses. Two years later, AlienVault-based offerings make up a large portion of AT&T’s […]

Photo by Simon Kadula on Unsplash.

Navigating Manufacturing IIoT Cybersecurity Challenges

John Powers

Guarding the Gears: Government policy and industry collaboration to mitigate cyberthreats to manufacturers. The smart factory is on the rise. Production lines equipped with advanced sensors can monitor equipment health in real-time and predict potential issues before they disrupt operations. Temperature and humidity sensors can ensure the optimal environment for delicate manufacturing processes. RFID-enabled asset […]

Best Microsegmentation Software

Ellie Buscemi

Microsegmentation allows a company to divide digital assets into smaller, more secure groups, which makes it harder for cybercriminals to take over a company’s data center. What is Microsegmentation? Microsegmentation refers to cyber professionals building layers of cybersecurity protection between groups of digital assets or individual cyber assets. Adding these layers inside instead of only […]

Best Breach and Attack Simulation Platforms

Ellie Buscemi

Breach and attack simulation (BAS) platforms allow companies to see weaknesses in their cyber infrastructures before a malicious hacker can exploit them. What Is BAS – Breach and Attack Simulation? Breach and attack simulation (BAS) is an approach to cybersecurity that uses advanced tools to imitate the attacks used by cybercriminals on companies’ digital infrastructure. […]

Ofer Ben-Noon and Ohad Bobrov

Palo Alto Networks to Acquire Talon

Ellie Buscemi

On Monday, Palo Alto Networks agreed to acquire Israeli startup Talon Cyber Security, an enterprise browser platform. The deal values Talon at between $600 to $700 million, according to The Information. Palo Alto will integrate Talon’s enterprise browser solution into its Prisma SASE product. The acquisition comes among a wave of acquisitions and releases involving […]