At a glance.
- New York County governments respond to increased cyberinsurance costs.
- Tensions between US, Russia, and China could lead to cyberaggression.
- Australia considers tighter data regulations as cyberattacks increase.
New York County governments respond to increased cyberinsurance costs.
With cyber insurance companies hiking up claim costs, we’ve discussed how the US government is seeking ways to relieve the burden on companies seeking coverage. The Rome Sentinel offers a local perspective on the devastating costs of breaches and cyber insurance from county governments in the US state of New York. In Clinton County, officials paid approximately $48,000 for cyber coverage this year, and the estimated premium for the upcoming year is expected to increase 50%, coming in at $72,000. “We’ve been seeing the cost of cyber insurance increase for years now, but this year it went to a whole new level,” said Michael Zurlo, president of the New York State Association of Counties and the Clinton County administrator. And it costs a pretty penny to prevent or mitigate attacks. The Board of Representatives in Otsego County, where agencies were recently targeted by cyberattacks, spent $1.8 million for a comprehensive update of its computer systems, and a breach in Suffolk County led to millions of dollars in unanticipated costs to local government vendors. In a recent report, the New York State Association of Counties explained, “Insurance experts deem municipalities as a high cybersecurity risk right now, which is why it’s important for municipal leaders to begin strengthening their cybersecurity efforts.”
Tensions between US, Russia, and China could lead to cyberaggression.
The Register reports that cyber-diplomats from twelve countries gathered this week at the Singapore International Cyber Week 2022 to discuss global internet security. China's coordinator for cyber affairs, Wang Lei, noted that conflict in cyberspace often reflects conflict in the real world. "If you read the statement by US Homeland Security this week, you will find it interesting and it shows how conflict has real world impact on cyberspace," he stated.
Indeed, experts say tensions between the US, China, and Russia are at their peak, and that America should be prepared for an increase in retaliatory cyberattacks. Dmitri Alperovitch, geopolitics expert and co-founder and former CTO of CrowdStrike, told the Washington Post, "What I do think we're about to enter is probably one of the most dangerous times that we've had in the history of the cyber domain, when it comes to our infrastructure here in the West — both because of what Russia may be doing against us, as well as China."
The Nord Stream was recently hit with explosions that disrupted the transport of fuel into Ukraine, and while Russia blamed the US, America, Ukraine, and Poland are confident Russian President Vladimir Putin is behind the blasts. “It shows that as he's escalating his rhetoric, including the use of nuclear threats, as he's mobilizing the Russian public, he may be willing to target the West, and cyber probably is going to be his first weapon of choice,” Alperovitch explained. Meanwhile, the Protocol notes, tightened export controls banning the sale of semiconductors and chip-making equipment to China, some of the most stringent restrictions the US has ever enacted, are likely to elicit a cyber response from Chinese President Xi Jinping. Alperovitch predicts that China will take action “both against American companies in China as well as potentially through cyber operations to try to compensate for the loss of access to technology with IP theft. I don't think it's going to be enough, but they're going to keep trying.” Representative Jim Langevin of Rhode Island agrees. “They're stealing to the tune of probably trillions of dollars, and that leads to loss of productivity. It costs American jobs, and China has been, unfortunately, relatively unrestrained, and I think that's an area we need to work harder to push back on China and their malicious cyber activity,” Langevin stated.
Australia considers tighter data regulations as cyberattacks increase.
Australia has seen a surge in cyberattacks in recent weeks, starting with the massive customer data breach at telecom giant Optus, and health insurance provider Medibank Private Ltd. is the latest target. The largest health insurer in the country, Medibank provides coverage for one of every six Australians, Reuters reports. The company disclosed a week ago that a threat actor had stolen 200 gigabytes of data, and an unidentified person says he’s in possession of the data of one hundred customers. The Australian Federal Police have launched an investigation to determine the full scope of the breach. "What we have here is ... healthcare information and that just on its own being made public can cause immense harm to Australians and that's why we are so engaged with this," said Cybersecurity Minister Clare O'Neil. Experts say it’s unclear whether the incident is linked to the Optus breach, but the government is reviewing its cybersecurity laws in order to better protect Australian data. Lawmakers have already amended data sharing laws so targets can communicate more freely with financial institutions, and many are calling for changes that tighten restrictions on what personal data organizations can store and for how long. CRN argues that incident disclosure laws must also be strengthened in order to make sure the public is made aware of breaches in a timely manner. Since 2018, Australia has had a “Notifiable Data Breaches” scheme that requires all organizations to notify impacted individuals as well as the Office of the Australian Information Commissioner if a breach is likely to result in serious harm. However, notification is not required if the organization takes remedial action to prevent harm, and public disclosure is never required.