BankInfoSecurity.com reported that “New cyber incident reporting rules are set to come into effect in the U.S. on May 1. Banks in the country will be required to notify regulators within the first 36 hours after an organization suffers a qualifying “computer-security incident.” The April 29, 2022 report entitled “New US Breach Reporting Rules for Banks Take Effect May 1” included these comments from Marcus Fowler (senior vice president of strategy engagements and threats at cybersecurity AI firm Darktrace):
This legislation is crucial because timely notification plays a significant role in restricting an attack’s scale, especially for institutions dependent on threat intelligence for defensive capability,..
Cybercriminals often conduct attacks as part of broader campaigns, including executing supply chain attacks that affect dozens of victims.
Supply chain attacks are often industry-centric because of reliance on the same or similar software or supplier for business operations.
Once a campaign is discovered, attackers often accelerate their offensive operations to scoop up as many victims as possible before defenders can put a patch in place or broadly distribute an indicator of compromise,…
Please stay tuned to see how effective these new Rules are!