
Congress Approves Cyber Attack Reporting Requirement For U.S. Companies

Following a series of high-profile digital intelligence campaigns and disruptive ransomware attacks, any company that is critical to U.S. national interests (finance, transportation, and energy sectors) must report when it is hacked or makes a ransomware payment. Reporting these incidents will give the federal government more visibility into hackers who target private companies. Any substantial cyber incident must be reported to the government within three days, and any ransomware payment within 24 hours. The reporting requirement legislation was approved by the House and Senate on March 10th, 2022, and will be signed into law by President Joe Biden.

A ransomware attack is an act in which criminals hack targets and hold their data hostage through encryption until ransoms have been paid. According to reports last year, hackers disrupted the world’s largest meat-packing company and the largest U.S. pipeline, putting lives and livelihoods at risk.

As the war in Ukraine continues, government officials are concerned about the threat of Russian cyber and ransomware attacks against the U.S. Many ransomware operators reside and work in Russia. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is designated by the legislation as the main agency to receive any notification of hacks and ransomware payments.

As an employer, it’s vital that you communicate these concerns to your staff to best safeguard your organization against attacks. We recommend using a cybersecurity refresher course within your learning management system as a quick and efficient way to convey this information.

Contact us today with any questions or concerns you may have.


