What are the laws around ransomware attacks? Are our cybercrime-related laws behind the times? Do we have the state capacity to go after the criminals making these ransom demands?
Sorry, I am unqualified to answer either of these two questions. Here are my guesses at the answers: I don't think there is anything particularly special about ransomware that requires special laws: the existing laws should be enough. The bigger problem is the ability to find the culprits. I believe that so far, none of the countries in the world have put much governmental effort in this. Only now the US has begun to take it seriously and has declared that ransomware will be given the same level of importance as terrorist attacks.
World over, have there been any convictions related to ransomware attacks? Any example?
Here is what Wikipedia has to say on this topic: https://en.wikipedia.org/wiki/Ransomware#Criminal_arrests_and_convictions
"...on what is the cybersecurity equivalent of masking up and social distancing." Is defence the only way to protect one's/companies' data?
Defense is the only thing companies can do. Governments can go on offense but that wasn't happening so far because it wasn't important enough. That could change now with the Colonial Pipeline hack.
Also, security companies provide a service called penetration testing (or pentesting) which can be considered the equivalent of vaccination.
Okay... I will have to read about it. Thank you so much for your guidance :) But, the vaccination analogy still sounds like a defense mechanism... Not sure if that can help prevent cyber-attacks in the long run.
Not just Governments, even private organizations should think of it...