Wednesday, May 29 2024

The European Council has extended for another year a framework that penalizes cyber-attacks against the EU or its member countries. The framework, part of the EU cyber diplomacy toolbox, aims to strengthen Europe’s resilience against cyber threats.

The measures include travel restrictions and asset freezes on individuals or entities responsible for facilitating cyber-attacks. The sanctions currently apply to Russian, Chinese, and North Korean individuals and entities, but the framework matters to all organizations because parties other than the attackers themselves can be penalized.

In a recent blog post, Steptoe & Johnson LLP warned companies facing ransomware payment requests to consider the framework. Despite attribution challenges, “payment to listed persons amount to a violation of sanctions regime.” Financial institutions and insurance companies are similarly affected when they facilitate payments or provide cyber coverage that includes ransom payments.

Indeed, in what could be the start of a trend, global insurer AXA said earlier this month that it would no longer issue cyber-insurance policies in France that reimburse customers for ransomware payments to criminal groups.

The EU framework is part of a regulatory trend towards increased scrutiny of ransomware payments. The Biden administration’s Executive Order “sets the stage for an uptick in similar actions” in the US, said Alex Sharpe, principal at Sharpe Management Consulting.

While certainly “a step in the right direction,” the Executive Order does not go far enough, according to XPAN Law Partners managing partner Rebecca L. Rakoski. US domestic organizations face a “patchwork of guidelines and standards without clear guidance” from the Federal Government, she stated.

Considering the current lack of clear, substantial legislative and regulatory frameworks, legal ambiguities, and competing interests, the world finds itself at a crossroads. Until fundamental changes are made to legislative and regulatory frameworks, we remain at an “uncomfortable time,” said Sharpe.
