Articles Posted in Cybersecurity
The Many-Headed Threat of Ransomware
It may seem that the very term “ransomware” wasted little time going from “newish-sounding threat” to expected, constant presence in the news and IT meetings alike. But, of course, it’s ultimately just a modern word for one of the oldest crimes out there—holding someone or something hostage until someone else pays for its release. Nonetheless, as the targets and means of these attacks have evolved, keeping track of it all has become a bit more complicated than a name on a ransom note. The ransomware landscape is constantly shifting as actors change their targets, find new points of attack and think of fresh ways to leverage encrypted data. Hundreds of variants of ransomware have been documented over the past few years, but here’s a cross-section of types posing a threat right now.
News of Note for the Internet-Minded (2/1/22) – AI Colleagues, AR Experiences and Ransomware Dangers
Can AI build AI, what does an augmented reality theater production look like, what is the “quantum apocalypse,” and more…
The EU’s “Third Way” to AI Regulation
Insurance Options for NFT Owners
Here at Internet & Social Media Law, we examine new developments and challenges that impact the digital and social media landscape. Over on our Policyholder Pulse insurance law blog, we provide insight on non-fungible tokens (“NFTs”) and the importance of knowing the available insurance options when dealing with them. As NFTs become more common, whether it’s sports tickets and memorabilia or art work, it’s imperative to know how to protect these digital assets. We discuss further in “Covering the Highlight Reel: The Need for Insurance Options to Protect NFT Owners.”
Ransomware, Data Breaches and the Tension Between Disclosure and Damage Control
Brian Finch recently returned to Joel Simon‘s Industry Insights podcast to discuss the uptick in cyberattacks, data breaches perpetuating insider trading and strategies companies can employ to guard against these problems.
Joel Simon: It’s hard to believe it’s been more than 10 months since you joined us for a discussion of social engineering, fund diversion scams and a then recent escalation of state-sponsored cyberattacks. A lot has changed since then, but not surprisingly cyberattacks have increased and some of their aftereffects have had far-ranging implications. What are you seeing as the biggest threats today?
Three Cybersecurity Measures a Business Should Take Amidst a Pandemic
An exponential increase in telework prompted by the COVID-19 pandemic has led to a parallel increase in cyberattacks, requiring companies to actively monitor cyber risks. On Pillsbury’s Industry Insights podcast series, colleague Brian Finch, a partner in the Government Law & Strategies group and co-leader of the COVID-19 taskforce, discussed two types of threats that have skyrocketed in the current crisis. The following describes three key takeaways on the increased risk for cybersecurity and measures businesses should take to mitigate threats in the case of a cyberattack.
Does the CFAA Apply to Website Scraping? The Ninth Circuit Says “Not So Fast”
Companies use a variety of causes of actions to protect their websites from competitors or others wanting to “scrape” data from their site using automated tools. Over the years, legal doctrines such as copyright infringement, misappropriation, unjust enrichment, breach of contract, and trespass to chattels have all been asserted, though many of them have limited applicability or are otherwise imperfect options for site owners. One of the most commonly used tools to protect against scraping has been a federal statute: the Computer Fraud and Abuse Act (CFAA). The CFAA is a cybersecurity law passed in 1986 as an amendment to the Comprehensive Crime Control Act of 1894. Originally drafted to address more traditional computer “hacking,” the CFAA prohibits intentional access to a computer without authorization, or in excess of authorization. Due to both the criminal and civil liability that it imposes, the CFAA has been an effective tool to discourage scraping, with website operators arguing that by simply stating on the site that automated scraping is prohibited, any such activity is unauthorized and gives rise to CFAA liability. An ongoing case between data analytics company hiQ Labs Inc. and LinkedIn questions the extent to which companies may invoke the CFAA as it pertains to scraping of this type of data.
CCPA, GDPR and the Future of Cross-Device Tracking
Efforts to regulate cross-device tracking have increased since we last addressed the topic in 2017, following the release of the FTC’s Staff Report. Significant developments include the implementation and enforcement of the EU’s General Data Protection Regulations (GDPR), and the fast-approaching implementation deadline for the California Consumer Privacy Act (CCPA). These regulations, while not targeting cross-device tracking specifically, seek to limit the way in which consumer data is tracked and sold.
Trade Secrets and Theft by Steganography: When a Picture Contains a Thousand Words
In November 2018, the U.S. Department of Justice rolled out the China Initiative. This new policy includes plans to “identify priority Chinese trade theft cases, ensure we have enough resources dedicated to them, and … bring them to an appropriate conclusion quickly and effectively.” The new Attorney General, who has a master’s degree in Chinese Studies, supports the Initiative and intends to continue to advance it.