Data Security Year in Review

Nutter McClennen & Fish LLP
Contact

October marks the seventeenth annual National Cybersecurity Awareness month in the United States and provides an opportune moment to take stock of an extraordinary year. The past year has seen a rise in high-profile data incidents, an increase in enforcement actions, and an overall intensification in efforts to confront these threats. This alert highlights three significant developments in 2020:

First, cybercriminals have grown more conspicuous—and more purposeful—in their attacks. In April, hundreds of thousands of Zoom login credentials were found for sale in online criminal marketplaces, causing a rash of “Zoom bombing” that plagued the online video conferencing provider. Zoom responded with a crash investment in security that has substantially reduced the problem. In July, Twitter’s internal administrator tools were compromised, allowing a hacker access to high-profile accounts belonging to the likes of Bill Gates, Joe Biden, and others. In August, Massachusetts-based research firm Moderna, which is leading efforts to develop a COVID-19 vaccine, announced it had been targeted by hackers linked to foreign governments. In September, Universal Health Services, a large national hospital chain, was forced to rely on paper records after its network was breached during a ransomware attack that forced it to take its systems for digital medical records, laboratories, and pharmacies offline in approximately 250 facilities. Cybercrime often made for front-page news in 2020; look for this trend to continue.

Second, enforcement efforts are increasing. In July, the New York Department of Financial Services (NYDFS) filed suit against First American Title Company alleging the company’s lax data security practices led to the exposure of more than 800 million documents containing sensitive information. This suit marks the first cybersecurity enforcement action brought by the regulator under the NYDFS Cybersecurity Regulation. Other state authorities are also getting more active. The California Attorney General has made clear that it will use its new authority under the California Consumer Protection Act (CCPA) to enforce the law’s provision. Here in Massachusetts, Attorney General Maura Healey announced that Assistant Attorney General Sara Cable would oversee the Commonwealth’s efforts to protect consumers from the surge of threats to their privacy and security as Chief of the newly created Data Privacy and Security Division of the Attorney General’s Office. More broadly, federal agencies, including the Securities and Exchange Commission, the Department of Justice, and the Treasury Department have also announced or threatened additional enforcement actions.

Third, companies nationwide are increasing their cybersecurity spending. Despite the hardships wrought by the pandemic, security and risk management spending has marched on nearly unabated and is expected to top $3.4 trillion worldwide in 2020. Realizing that the business case is self-evident for such spending, many see that an ounce of prevention is worth a pound of cure. Yet, for all the macroeconomic focus on cybersecurity, many small and medium sized businesses still haven’t adopted basic defenses or instituted recommended practices. 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Nutter McClennen & Fish LLP | Attorney Advertising

Written by:

Nutter McClennen & Fish LLP
Contact
more
less

Nutter McClennen & Fish LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.