Ransomware is the new black. In fact, it’s the new China. So says our guest for episode 116, Dmitri Alperovitch, the CTO and co-founder of CrowdStrike. Dmitri explains why ransomware is so attractive financially – and therefore likely to get much worse very fast. He and I also explore the implications and attribution of the big bank hacks in Vietnam and Bangladesh.
In the news roundup, Michael Vatis reports on the new federal trade secrets law. In addition, inspired by the Edelson firm’s sealed complaint against a Chicago-based law firm for cybersecurity failings, Steptoe’s chair emeritus, Roger Warin, charts the legal and strategic terrain of suing law firms for bad security. The hazards of class action litigation in this field are illuminated by the district court’s recent ruling on the Zappos breach, which Michael unpacks for us.
Unable as always to resist a sitting duck, I quote the FTC’s condescending Congressional testimony promising to give the FCC the benefit of its 40 years of security expertise. It plans to offer comments on the FCC’s proposed privacy regulations. But the FTC fails to note that in all those 40 years, it has never had occasion to ask anyone for comment on its own privacy or security standards – which are scattered haphazardly across a series of brochures and weblinks and consent decrees. As I point out, that makes it hard not just for companies that want to comply, but also for the FTC, which has no way to amend its outdated security guidance, most notably the bad advice it gave several years ago about requiring employees to change passwords frequently. Maybe it’s time for the FCC to return the favor, and give the FTC the benefit of its own years of experience in actually issuing and taking comment on proposed regulations.
Download the 116th episode (mp3).