This blog was written and produced by Nick Cozzolino, CISSP, Director of Information Security at The Bonadio Group. FoxPointe Solutions is The Bonadio Group's dedicated cybersecurity division. Looking to get in touch with Nick? Reach out today: Nick Cozzolino ncozzolino@bonadio.com.
“Data is the new oil.” We have heard that frequently over the years. It's usually in the context of being a business driver. That is still true, however, it is also lucrative for those who want to hijack your data via ransomware.
In the early days of ransomware, it would cost a company or individual a few hundred dollars to recover the data on a computer. The average ransom for the first half of 2021 is around $220,000. That is a 43% increase over 2020. The targets of ransomware attacks have shifted as well to large corporations, national infrastructure, government agencies, and health organizations.
Removing the financial incentives from ransomware has become the topic of conversation at all levels of government. FBI Director Chris Wray recently spoke at a U.S. Senate appropriations panel and urged ransomware victims to avoid paying the ransom. He said, “In general, we would discourage paying the ransom because it encourages more of these attacks, and frankly, there is no guarantee whatsoever that you are going to get your data back". Unfortunately, this is easier said than done.
In New York State, the Senate has introduced Bill S6806A, which, if passed, prohibits the payment of ransomware by “government entities, business entities or healthcare entitles or by another entity on their behalf.” Additionally, all government agencies will be required to report any cyber incidents or attacks to the New York State division of Homeland Security and Emergency Services. Business entities that violate the Bill will be subject to a civil penalty of up to ten thousand dollars assessed by the attorney general.
FoxPointe Solutions is Here to Help
Bill S6806A is still in Committee and may look very different if it reaches Governor Cuomo’s desk for signature. Use this link to access the Bill’s text and sign up for status alerts. If any other questions arise about cybersecurity regulation updates, contact us today.
FoxPointe Solutions is solely responsible only for the content of FoxPointe Solutions authored information and is subject to change at any time. Any forward-looking statements are not predictions. FoxPointe Solutions is not responsible for any errors or omissions, or for the results obtained from the use of this information. Questions regarding your legal or compliance position should be addressed through your legal counsel, security advisor and/or your relevant standard authority. Nothing contained herein should be used nor relied upon as advice nor constitute a consultant-client relationship.