Friday, January 28 2022

The European Council extended a framework that penalizes cyber-attacks against EU or member countries for another year. The framework, part of the EU cyber diplomacy toolbox, aims to strengthen Europe’s resilience against cyber threats.

The measures include travel restrictions and freezing assets of individuals or entities responsible for facilitation of cyberattacks. The sanctions currently apply to Russian, Chinese, and North Korean individuals and entities, although the framework is important for all organizations because parties beyond the cyber attackers can be penalized.

In a recent blog post, Steptoe & Johnson LLP warned companies facing ransomware payment requests to consider the framework. Despite attribution challenges, “payment to listed persons amount to a violation of sanctions regime.” Financial institutions and insurance companies are similarly affected by facilitating payments or providing cyber coverage that includes ransom payments.

Indeed, in the start of what could be a trend, global insurer AXA said earlier this month that it would no longer issue cyber-insurance policies in France that reimburse customers for ransomware payments to criminal groups.

The EU framework is part of a regulatory trend towards increased scrutiny of ransomware payments. The Biden administration’s Executive Order “sets the stage for an uptick in similar actions” in the US, said Alex Sharpe, principal at Sharpe Management Consulting.

While certainly “a step in the right direction,” the Executive Order does not go far enough, according to XPAN Law Partners managing partner Rebecca L. Rakoski. US domestic organizations face a “patchwork of guidelines and standards without clear guidance” from the Federal Government, she stated.

Considering the current lack of clear, substantial legislative and regulatory frameworks, legal ambiguities, and competing interests, the world finds itself at a crossroads. Until fundamental changes are made to legislative and regulatory frameworks, we remain at an “uncomfortable time,” said Sharpe.

Previous

US Infrastructure Plan Includes Billions for Cybersecurity Improvements

Next

Third-Party Cloud Service Misuse Exposes Over 100M Users’ Data

Check Also

Widget

Don’t Miss

Cyber Deals: 1Password, Virtru, SoSafe, Anitian

Julia Bischoff

Cybersecurity venture funding and mergers: The most sizable venture rounds involved password management and compliance solutions. Managed detection and response (MDR) and identity and access management (IAM) tools remain strong targets for strategic buyers. Funding Security awareness platform SoSafe raised $73 million in its Series B funding round led by expansion-stage investor Highland Europe. This […]

Cyber Executive Moves: Citi, DNC, Blackhawk

Julia Bischoff

Truist Financial chief information security officer Howard Whyte

Cyber Deals: Xage, Human Security, GitGuardian, Simplify, Wipro

Julia Bischoff

Cybersecurity merger and acquisition deals, funding announcements, and public offerings: This week’s most sizable venture funding rounds involved cloud infrastructure security and biometric verification companies. As the sector continues to attract strong interest from strategic buyers, notable recent mergers involved security automation and response (SOAR) and cybersecurity risk consulting. Funding Critical infrastructure security provider Xage […]

Heather Dyer, acting vice president and chief information security officer, US Postal Service

Cyber Executive Moves: AmEx, Cybereason, HackerOne

SecureDisruptions

By Julia Bischoff and Corey Campbell Cybereason names CSO, SafeBreach hires CISO, AND WELLS FARGO CIO JOINS AMEX. American Express hired Ravi Radhakrishnan as chief information officer. Radhakrishnan was previously chief information officer and head of technology for Wells Fargo’s commercial banking and corporate and investment banking businesses. Bug bounty platform HackerOne hired Chris Evans […]

Crypto Harmonization—or Regulatory Turf Wars?

SecureDisruptions

By Stanley I. Foodman Don’t expect aligned, coherent rules anytime soon Multiple enforcement agencies within the US government agree that the $2.5 trillion crypto industry needs regulation. And heads of the largest crypto companies have told Congress that they agree. But therein lies the rub: competing government initiatives have yet to arrive at consensus on […]

Cyber Deals: PlainID, Noname Security, UncommonX, Entegra

Van Michael

Noname Security achieves unicorn status. Dueling API security firms close respective Series C rounds. PlainID raises $75 million in Series C funding.