The EU has issued its first-ever cyber-sanctions in response to cyber attacks, imposing them against alleged Russian military agents, Chinese cyber spies, and organizations including a North Korean firm, per reporting in the AP. The sanctions “are a travel ban and asset freeze to natural persons and an asset freeze to entities or bodies. It is also prohibited to directly or indirectly make funds available to listed individuals and entities or bodies.”
Meanwhile, a Canadian services provider, Pivot Technology Solutions, revealed that vandals stole personal information of US employees and consultants, including names, addresses, dates of birth, gender, disability status, payroll data, banking details, Social Security numbers, and insurance coverage.
And Twitter has provided a further update on its social engineering failure, identifying it as a targeted phone-based social engineering attack to gain access to the internal network and support tools.
Why do we care?
Adding cyber-sanctions to the arsenal is a huge change. The EU is ratcheting up the response, and this is indicative. The moves at the nation-state level give a clear indication of what will be coming: these are serious crimes, and will be dealt with as such.
Which is why I include the other two stories – the provider had to do a disclosure, which revealed the broad nature of the theft. The missing component is the consequences. On the private industry side, these are both serious disruptions and massive risks for society… and right now, the consequences are not proportional.
I don’t expect that to remain this way, and thus we care because we should be planning for that.