- 4 States prepare to pass data privacy regulations
- Phishing scam compromises top VC firm
- Cybersecurity budgets expand to meet a hybrid workforce.
Know a colleague or fellow MSP who should be receiving the Situation Report in their inbox? Just forward this over and subscribe by scrolling to the bottom of www.blokworx.com. This monthly newsletter is designed to arb SMB,s C-suite, and MSPs with top insights and trends shaping the cybersecurity landscape in order to protect your business.
#1: Four states are drafting new data privacy laws
- From Europe’s General Data Protection Regulation (GDPR) to California’s Consumer Privacy Act (CCPA), regulatory compliance is increasingly critical for companies collecting customer data. These laws already make cybersecurity a bottom-line issue for many organizations, and expanded protections will only complicate an already dubious data environment.
- Four states, including Washington, Virginia, Oklahoma, and Minnesota, are crafting new laws that could go into effect in 2021, posing additional legal hurdles for companies that fail to comply.
Insight:
While each law produces a patchwork of data privacy mandates, the collective impact empowers consumers to control their data and charges companies with managing and protecting this highly valuable information. Taken together, it’s clear that regulatory compliance is a central component of their operations moving forward.
#2: Top venture capital firm falls for a phishing scam
- Cybercriminals know that it is significantly easier to trick one employee than it is to infiltrate an entire network. That is why bad actors send millions of phishing scams every day. Each malicious message presents the possibility that they will receive front-door access to customer and company data.
- Sequoia Capital was reminded of this reality when an employee’s email was successfully phished, allowing bad actors to access investors’ personal and financial information.
Insight:
This escalation makes it more difficult for companies to avoid the high cost of a ransomware attack. Unfortunately, the upfront recovery costs are just the beginning. Reputational damage makes it less likely that customers will return to your platform, and a recent study found that a ransomware attack severely damages company culture in often-irreparable ways.
#3: Companies increase cybersecurity budgets in response to remote work.
- The rapid transition to remote work taxed organizations’ cybersecurity capacity. Not only did this transition rapidly expand the threat landscape, but it exhausted their resources, leading many companies to abandon existing cybersecurity efforts in favor of remote-specific initiatives.
- In response, a recent survey of more than 200 organizations found that 91% of respondents expect to increase their cybersecurity budgets in 2021 as companies look to continue advancing long-term security strategies while continuing to adapt to a hybrid work environment.
Insight:
Nearly 75% of business executives view cybersecurity as a top priority, and, despite continued financial uncertainty, it’s clear that they are willing to invest significant sums to avert a data breach or cybersecurity incident.
In Other News…
2/25: SolarWinds expects to spend up to $25 million on security-related expenses after breach.
2/24: Legal advisory company leaked data on 15,000 cases due to cloud security configurations.
2/19: The largest and oldest safety certification company hit by ransomware attack.
2/15: Online workspace system outage connected to phishing complaints from domain registrar.
2/11: Slack on Android passwords reset after company stored passwords in plain text.
2/05: Mortgage loan servicing company experiences multi-state ransomware attack.