At a glance.
- Pirates and privateers, and how to fight them.
- Rising sentiment in favor of restrictions on paying ransom demanded by online cybercriminals.
- US Federal Trade Commission claims an active role in data security.
Two views on combatting cyber pirates and privateers.
TribLIVE says what’s old is new again in the realm of international conflict, comparing roving cyber marauders like DarkSide, who navigate dark web “backwaters” and the open seas of consumer services “with a wink and a nod from Vladimir Putin,” to the pirates of yore. Just like their early modern counterparts, cyber pirates compact with ruling parties and craft codes of conduct. The “great cyberfaring nation[s]” on the receiving end of their antics could, like those in the 16th century who’d had enough of brigands, issue “letters of marque and reprisal” authorizing private parties to engage on behalf of the state. In 2021, these parties would more closely resemble tech firms than shipowners.
Bloomberg casts DarkSide members as more privateers than pirates, given Russian cyber gangs’ tight ties to the Kremlin. (A privateer, Britannica reminds us, is a “pirate with papers.”) Bloomberg’s solution to President Putin’s ongoing strategy of weaponizing cyber piracy against rival nations is fourfold (and tack four aside, familiar): engage allies, name and sanction the perpetrators, let the NSA and CyberCom loose on hackers’ assets and capabilities, and impose proportionate consequences on states that provide “safe harbor.”
Sentiment grows in favor of restricting ransomware payment.
The Times reports comments by Ciaran Martin, founding executive of the UK National Cyber Security Centre (NCSC), that handling hackers like terrorists and outlawing ransomware payments would cut the industry off at the knees. “We have allowed this to spiral in an invisible way,” he observed.
FTC blogs that it expects boards to take an active role in data security.
Cooley summarizes five tips from a US Federal Trade Commission (FTC) blog underscoring board members’ responsibility for corporate cybersecurity:
- Prioritize data security.
- Know your firm’s weak spots.
- Understand that compliance doesn’t guarantee security.
- Plan for failure.
- Adapt in response to errors—yours and others’.
The FTC has in the past cracked down on deceptive or inadequate security policies that neglected, for example, network monitoring, penetration testing, documentation, or workforce training.