ARLINGTON, Va.–Will recent, high-profile ransomware attacks on companies in the U.S. help break a logjam in Congress on data and infrastructure security legislation?
The ransomware attacks have also spurred new statements and initiatives from the White House and the Justice Department.
The credit union trade groups have joined in recent years repeatedly advocating for tougher data security standards for businesses and merchants, especially in the wake of numerous data breaches that exposed consumers’ personal payments data, leading to expensive card reissuances and, in some cases, litigation.
But the business community and especially the powerful retailers’ lobby has pushed back on any tightened standards for retailers, creating a stalemate.
In the last month, however, there have been sensational attacks on companies that included the hack of Colonial Pipeline—leading to panic over gas shortages—and on JBS, the largest meat-processing company in the U.S.–that were widely reported. Could those attacks shift the momentum in Congress on data security legislation?
Attention Nice, But…
Carrie Hunt, EVP and general counsel with NAFCU, said she is always hopeful, but she isn’t buying, much less chilling, the champagne at this point.
“Any attention is certainly possible, but there are lots of different issues Congress is dealing with. This is just one,” said Hunt. “Clearly, the signal is infrastructure and taxes are going to take priority.”
As for ongoing attacks on credit unions themselves, Hunt said CUs have told NAFCU it isn’t just malware they are seeing. “There has been an uptick in just the amount of fraud in general that credit unions face every single day. When I first learned about it, it shocked me, but not just in credit unions but at financial institutions in general.”
White House Statement
Meanwhile, the White House issued a memo reading, "The number and size of ransomware incidents have increased significantly, and strengthening our nation's resilience from cyberattacks - both private and public-sector - is a top priority" for President Joe Biden. The memo was sent to U.S. corporate executives and business leaders, urging them to ensure they're following a detailed list of cybersecurity best practices.
Last week, the Justice Department also issued new guidance for prosecutors, to ensure that all cases they're tracking - domestically and abroad - get coordinated with the government's recently launched Ransomware and Digital Extortion Task Force. Based in Washington, the task force counts the FBI, National Security Division, computer crime, anti-money laundering and other parts of the DOJ as participants.