Despite general awareness regarding phishing (we have written about phishing in a prior post), it still remains one of the most common ways to accomplish cyberattacks. It should be no surprise that cybercriminals are constantly coming up with more elaborate and sophisticated ways to gain access to sensitive systems and data. A recent article lists three measures designed to deter phishing and related attacks, which we have summarized below.
The US Treasury Department has issued a request for public comment on a federal cyberinsurance program that would aim to cover the costs associated with severe cyberattacks. The Federal Insurance Office (FIO) and the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) are currently conducting a joint assessment for Congress. Because cyberattacks are occurring at such frequent rates, rates for cyberinsurance coverage have soared, making it difficult for businesses to afford coverage if it is even available. The proposed federal program would focus on critical infrastructure and be used as a backstop.
In a recent LawFlash, a team of Morgan Lewis lawyers reviewed the US Securities and Exchange Commission’s proposal for a new rule and rule amendments that, if adopted as proposed, would require registered investment advisers to meet certain requirements when outsourcing “Covered Services.” The rule includes heightened requirements for due diligence, monitoring, and reporting, including amendments to Form ADV.
In a webinar that has value for all technology clients, Morgan Lewis partners Kenneth Davis and Ezra Church will review intellectual property (IP) protection and cyber threats for growing businesses.
In March 2022, President Joseph Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which tasked the Cybersecurity and Infrastructure Security Agency (CISA) with developing and implementing regulations around cyber incident and ransom payment reporting. Under the act, the CISA is to gather the information it receives from covered entities and analyze it to the extent that such information can be used to help identify ways to avoid similar incidents in the future, or minimize the harmful potential impacts.
On September 15, the EU Commission published a proposal for a Cyber Resilience Act (Proposed CRA), which builds on the 2020 EU Cybersecurity Strategy and the 2020 EU Security Union Strategy, with the aim of ensuring the cybersecurity of products with digital elements and the provision of sufficient information to consumers about the cybersecurity of the products they buy and use.
The Department for Digital, Culture, Media & Sports (DCMS) confirmed on August 30, 2022, that it will push forward with tough new regulations and a code of practice to bolster the security and resilience of the United Kingdom’s electronic communications networks and services against current and future cyberthreats.
Contract Corner
With the COVID-19 pandemic, many industries experienced a major shift in how the personnel of key suppliers worked, with “nonessential” personnel in large part working remotely. When this shift to remote work first happened (rather abruptly for many companies), security was a critical consideration, but one that was handled in many instances outside the supplier contract, with both parties focusing on keeping business operations going with must-have data and security safeguards in place.
As we all try to keep up with the Metaverse and as the healthcare system wilts under a data deluge, the convergence of realities in a shared online space is not merely a chance for practitioners and patients to find each other and interact in new ways, it’s also a rare opportunity to help a new paradigm sprout. The answers to detangling some sticky wickets of Health 2.0, like ensuring efficient, secure communications and exchanges between participants, may share a common thread: clear out (not just debug) the cobwebs and flip the crypt.
The Morgan Lewis Technology Marathon continues with these webinars on cybersecurity and cyberinsurance.