Cyber Alert: New Era in Privacy Liability to Begin. California’s Data Privacy Law Could Be Game-Changer

As the nation’s most far-reaching data privacy law, California Consumer Privacy Act (CCPA), is set to begin Jan. 1, 2020, businesses and their insurers are preparing for a new era in cyber liability.

Anxiety is on the rise and a sense of urgency has set in for Robert L. Wallan’s clients. Wallan, a partner in Pillsbury Winthrop Shaw Pittman LLP in Los Angeles, Calif., handles class actions, insurance recovery and business-related litigation.

Cities Turn to Hackers to Protect Their Tech

In early May, the city of Baltimore was struck by a ransomware attack that completely crippled the city’s computer networks and online services. Five weeks after the attack, the city was only able to restore one third of employees’ emails and the city’s billing system for water services was still offline. By July, email access for employees was finally restored, according to the Baltimore Sun, but the city’s email archive was still not accessible. Experts estimate that the Baltimore ransomware attack will cost the city approximately $18 million to restore all systems, yet the perpetrators of the attack demanded just $80,000 in cryptocurrency.

While Baltimore continues to make headlines, smaller cities and government agencies are also generating news about ransomware attacks. Three additional cities in Florida have been attacked and two of them — Lake City and Riviera Beach — agreed to pay the ransom, ranging from U.S. $500,000 to $600,000.

Detecting Deepfakes by Looking Closely Reveals a Way to Protect Against Them

Deepfake videos are hard for untrained eyes to detect because they can be quite realistic. Whether used as personal weapons of revenge, to manipulate financial markets or to destabilize international relations, videos depicting people doing and saying things they never did or said are a fundamental threat to the longstanding idea that “seeing is believing.” Not anymore.

Most deepfakes are made by showing a computer algorithm many images of a person, and then having it use what it saw to generate new face images. At the same time, their voice is synthesized, so it both looks and sounds like the person has said something new.

Cyber Insurers Need Loss Data to Properly Underwrite Risks

While there are “huge opportunities” on the horizon for the cyber insurance industry, cyber insurance underwriters still face the challenge of not having enough historical data to work with.

“It’s really scary to underwrite something when you just don’t know what the potential losses could be,” said Brian Meredith, managing director at UBS Group AG, during a panel discussion on trends in the property/casualty insurance sector at S&P’s 2019 Global Insurance Conference in New York. “There’s lots of opportunity here, but we need a lot more data to expand it.”

The Baltimore Cyberattack Highlights Hackers' New Tactics

Cyberattacks on local governments are on the rise -- and they’re becoming more sophisticated. The latest case in Baltimore, where the city is still struggling to restore critical networks more than three weeks after being hacked, could be a harbinger of things to come.

Already this year, at least 24 municipalities have reported ransomware attacks, including Amarillo, Texas; Augusta, Maine; Imperial County, Calif.; Garfield County, Utah; Greenville, N.C.; and Albany, N.Y. That’s on pace to surpass last year’s total of 53, according to data collected by the tech company Recorded Future.

Title Insurer First American Says App Defect May Have Exposed Customer Data

U.S. real estate title insurance company First American Financial Corp. said on Friday it had learned of a design defect in one of its production applications that had made possible unauthorized access to customer data.

The statement was sent in response to a report by security news website Krebs on Security, which said First American’s website had exposed about 885 million files dating back to 2003.

Electricity Grid Cybersecurity Will Be Expensive — Who Will Pay, and How Much?

Recently, a neighbor asked one of us whether Russia, China, North Korea and Iran really are capable of hacking into the computers that control the U.S. electricity grid. The answer, based on available evidence, is “Yes.” The follow-up question was, “How expensive will it be to prevent, and who will end up paying for it?”

The answers are: Likely tens of billions of dollars, and probably us, the electricity customers. This is a major — and, in our view, vital — investment in community and national security. But as scholars of grid cybersecurity, we understand it’s not very clear what consumers will be getting for their money, nor whether utility companies themselves should bear some share of the cost.

Climate Change and Cyber Attacks Named as Biggest Global Security Threats

Climate change is seen by more countries as a top international threat, but many also name ISIS and cyberattacks as their top security concern, according to a new survey by the Pew Research Center conducted among 27,612 respondents in 26 countries from May 14 to Aug. 12, 2018.

The Intergovernmental Panel on Climate Change released a report last year expressing serious concerns about the possible impacts of climate change, both in the near and distant future. Broadly speaking, people around the world agree that climate change poses a severe risk to their countries. Since 2013, worries about the climate threat have increased significantly. The biggest increases have been in France (up 29 percentage points) and Mexico (up 28 points), but there have been double-digit rises in the U.S., U.K., Germany, Spain, Kenya, Canada, South Africa and Poland as well.

When it comes to cybersecurity, states are the weak link

Every year, we receive the same news: Cyber threats against the United States are on the rise. This year, though, we have some good news: Federal government officials are finally taking these threats seriously. These officials are committed to developing a cyber strategy and working hard to shore up the nation’s virtual defenses. Congress is exploring ways to reorganize its own technology research capabilities. The military is figuring out how to put Silicon Valley to use.

Governments at the state level, however, are lagging.

Cybersecurity suffers from the weak-link problem: Weaknesses in one area can put entire systems at risk. With cyberattacks affecting state and local governments every day, the United States cannot afford to let state-level cybersecurity go unaddressed.

The Legal Implications of Digital Privacy

A June 2018 decision rendered by the Supreme Court of the United States established an interesting principle on digital privacy in a case related to a criminal proceeding.

The decision stated that the government must obtain a warrant in order to collect historical cell site location information (CSLI) of customers held by the cellphone companies. The case’s decision is based on whether police must require a warrant in order to access information from users generated by cellphones of a suspect in a criminal investigation. This decision implies that in the future, law enforcement authorities will not have an “unrestricted access to a wireless carrier’s database of physical location information” (From the majority by Justice John Roberts).


Subscribe to RSS - Cyber Security