Kaspersky Lab calls for improvements in the law on turnover penalties for leaks 08:00

The adoption of a law on turnover penalties for data leaks in Russia could give hackers an additional lever of pressure on Russian companies in the industrial sector, and could also become a competitive tool for organizations, Vladimir Dashchenko, an expert in the Kaspersky ICS CERT unit at Kaspersky Lab, told socialbites.ca.

The law on turnover penalties for data leaks was submitted to the State Duma at the end of 2023. Companies are subject to fines of 0.1-3% of their annual revenue for repeated data leaks. The scale of sanctions will depend on the number of personal data subjects affected by the incident (from 1 thousand people to 100 thousand people). In this case, the fine cannot exceed 500 million rubles. In January 2024, the law was passed in the first reading.

According to Dashchenko, if the new regulatory norm is finally adopted, some organizations in the industrial sector may suffer. The expert noted that hackers could remain in a hacked company’s network for years and not show any signs of compromise. Turnover penalties legislation could be a chance for bad actors to make their presence known by blackmailing companies with early concessions and extorting money from them in exchange for not leaking data.

“Experience studying complex and specifically targeted attacks on the industry shows that well-trained attackers, including financially motivated groups, can remain in the infrastructure for a long time. Or the company may have been compromised a long time ago and access to the company was resold to another team of attackers on the black market some time after the moment of compromise,” Dashchenko said.

In addition, according to the expert, after the implementation of turnover penalties, hackers may become mercenaries in the hands of organizations. A company that has information about a competitor’s settlement can “turn it over” to the regulator. The regulator will impose a large fine on the competitor and the unscrupulous company will gain an advantage in the market.

Finally, hackers could hypothetically use the new law to take down entire business groups. To do this, attackers could, for example, use previously unknown backdoors in software and simultaneously publish stolen data from several structurally important companies. As a result, many large industrial enterprises in certain regions may suffer immediate financial and reputational losses.

“I think this initiative [on the introduction of turnover penalties] requires additional discussion of all possible details and scenarios to avoid irreparable consequences for business in the industrial sector in the future,” Dashchenko said.

Previously, the TheMoon botnet infected more than 46 thousand Wi-Fi routers in 88 countries.


Source: Gazeta

