The ALPHV/BlackCat ransomware operation has filed a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.
Dr. Ilia Kolochenko, Chief Architect at ImmuniWeb and Adjunct Professor of Cybersecurity & Cyber Law at Capitol Technology University, has commented:
Q3 2023 hedge fund letters, conferences and more
“Misuse of the new SEC rules to put additional pressure on publicly traded companies was foreseeable, moreover, ransomware actors will likely start filing complaints with other US and EU regulatory agencies when the victims fail to disclose a breach within the timeframe provided by law.
Having said that, not all security incidents are data breaches, and not all data breaches are reportable data breaches. Therefore, regulatory agencies and authorities should carefully scrutinize such reports and probably even establish a new rule to ignore reports uncorroborated with trustworthy evidence, otherwise, exaggerated or even completely false complaints will flood their systems with noise and paralyze their work.
Victims of data breaches should urgently consider revising their digital forensics and incident response (DFIR) strategies by inviting corporate jurists and external law firms specialized in cybersecurity to participate in the creation, testing, management and continuous improvement of their DFIR plan. Many large organizations still have only technical people managing the entire process, eventually triggering such undesirable events as criminal prosecution of CISOs and a broad spectrum of legal ramifications for the entire organization. Transparent, well-thought-out and timely response to a data breach can save millions.”
More on this story here.
About Dr. Ilia Kolochenko
Dr. Ilia Kolochenko is a Swiss cybersecurity expert and entrepreneur. Having over 15 years of practice in cybersecurity and cybercrime investigations, he is currently Chief Architect & CEO at ImmuniWeb, a global application security company serving over 1,000 enterprise clients from more than 50 countries.
