- News & Events
News & Events
In an article posted this past month, we discussed Proposition 24 and the California Privacy Rights Act (CPRA) and how this changed and expanded California’s data privacy legislation. California is merely one of the first states to enact such legislation, however. The legality surrounding the cyber environment is changing nationwide as state governments are developing bills to pass similar rules and regulations. While some of the bills currently in committee may fail, looking at the consistencies between these bills and what is approved can give us a better understanding of where the United States’ cyber environment is headed from a legal standpoint.
Secuvant™ (“Secuvant” or the Company”), a leader in strategic managed security and risk advisory services, today announced its Board of Advisors, which is composed of world-class cybersecurity and technology experts whose role is to help further the Company’s continued success by providing high-level guidance and expertise on Secuvant’s strategy and offerings.
“We are proud and honored to have such a prestigious group of professionals who bring valuable insight into the ever-evolving world of cybersecurity,” said Ryan Layton, Secuvant Founder and CEO. “From health care to transportation to agriculture and construction equipment, their expertise spans a multitude of industries, helping us further expand on our goal of providing widespread peace of mind when it comes to managing cyber risk.”
When it came to cyber risk in 2020, ransomware reigned supreme. Instances of ransomware grew by more than 150% in 2020 alone, and this trend doesn’t look to be going anywhere. There was also a notable increase in the severity of attacks based on a few metrics. For 2020, the average ransom demanded increased by over twofold and amounted to $170,000 on average. Affected organizations also experienced 18 days of downtime on average due to attacks, and before encrypting data for impact, ransomware operators spent on average 13 days in compromised networks.
Proposition 24, enacted through the recent November elections, is set to change and expand California’s data privacy legislation. The details of these changes will be worked out over the coming months; however, the broad and major changes are set in stone. Of these changes, there are five major changes that look to have the largest impact on organizations. These changes include a new enforcement agency, the introduction of new concepts such as “sensitive” personal information, and the empowerment of consumers regarding their data and privacy rights.
When organizations operate with remote workers or expand their cloud systems, discipline is key. Practicing good cyber hygiene is essential regardless; however, under these circumstances, it’s especially imperative due to the increased risks organizations take on when intertwining these efforts.
Smart technology is being incorporated across the entire agricultural process. Heavy machinery, sensors, artificial intelligence, and cloud systems are being widely adopted to operate automatically without the need for human interaction. The growing number of these smart devices, their widespread interconnectivity on your network, and the increasing number of these inputs running autonomously with internet access put these systems at greater risk.
A critically important consideration for small and medium-sized businesses (SMBs) is how to address cyber risks to safeguard customer data and/or critical business operations. A return on investment analysis, alone, can build a strong case for making cyber protection a corporate priority. However, how organizations approach this challenge varies widely. It is imperative that cyber spending be balanced with other business risks to ensure that organizations are effective stewards of corporate resources.
In response to the increased use of offsite and offline backups, cybercriminals adapted and developed a new approach to conducting ransomware attacks during 2020. Known as double extortion, some cybercriminals are first engaging in data exfiltration before encrypting an organization’s systems. To make matters worse, third-party targeting and the increased use of remote work have increased organization’s risk of being affected by double extortion attacks going into 2021.
As the AG & CE industry has added more complicated devices and sensitive data on organizational networks, it has drawn more attention from cybercriminals who want to use these resources to extort, disrupt, and attack your organization. The direct costs of paying ransoms and restoring systems are not the only costs AG & CE organizations face when sustaining ransomware attacks, however, what can be more costly are indirect losses.