When you think of a whistleblower at any time other than 11:59 on New Year’s Eve, you probably have in mind someone who put themselves in grave career (or physical) jeopardy to expose wrongdoings at the highest corporate or governmental levels. Think Daniel Ellsberg, Frank Serpico, or Karen Silkwood. You probably envision secret meetings in dank corridors between people in trench coats exchanging information that could have far-reaching consequences for capitalism and democracy.
What very likely doesn’t come to mind when you think of a whistleblower is a cybercriminal lurking in his basement in Russia with a Ferrari, Lamborghini, and Monster Truck parked in his garage, but unfortunately this is part of a new reality.
Ransomware purveyors and cybercriminals have no shortage of imagination or ability to innovate when it comes to using cybercrime to make a buck. Now there’s a new scheme they’ve cooked up: Rather than simply causing a data breach and stealing data, they are retaining evidence of the breach (theirs or anyone else’s) and threatening to be a whistleblower who reports the breach to the SEC or other regulators…unless a ransom is paid.
This new line of attack has been made possible via a newly minted SEC regulation that requires listed companies to report material data breaches within 96 hours (i.e. four days) of the breach…or else. If the cybercriminals cause the breach, they then have a clean 96-hour countdown from which they can require the company to pay up. Otherwise, they will release the breached data AND notify the regulators that the breach occurred and that the time limit to notify the SEC has passed—in effect, a double ransom. What a racket!
Of course, some companies have expressed concern about the short four-day reporting window because it takes time to determine if an incident is material and then create and submit any reporting. Until now, many organizations have taken months to report a breach and only did so after they had completed their investigation.
This is precisely why it’s now more important than ever to retain control of your files with RDocs so as to minimize risk of a breach (and the potential for a double ransom). RDocs empowers you to protect, control, track, or kill access to documents in-the-ether, even after sending. RDocs is the only EDRM platform built on 20 years of leadership in email security and compliance.
Know More on Document Control
Or, if you feel you need to have time-stamped proof of delivery of a breach disclosure (or any other time-dependent notice), you can rely on the global standard for legal, verifiable, and time-stamped proof of content e-delivered --- with the famous Registered Email™ service.
If you would like to try RDocs, RPost’s document content controls technology, or RMail email security—or world leading (as IDC named us) RSign eSignatures – or Registered Email proof.
November 12, 2024
November 06, 2024
November 01, 2024
October 29, 2024
October 25, 2024