Rug Pulls, Regulation and Ransomware

Ho ho, here we go. End of year deals and steals.

‘Tis the season for….

Earlier this year, I spoke to a lot of privacy and security professionals. Life was not so good and they were looking for work. Fast forward to today and you will be hard pressed to find a good consultant. Why? I have a few ideas:

First, if the Biden administration has anything to say about it, the regulations are coming. 2021 was a big year for privacy regulations and it isn’t slowing down. We had the amendment in California, the new laws in Virginia and Colorado and 21 other states with laws that are close to passing, like Utah. Three new laws may not seem like that big of a deal in a country of 50 states, but it is when you are the sole privacy person trying to help a business get ready. Don’t get me started on the international laws (cough, cough, China, India). These laws all go into effect in 2023, so you have literally twelve months to comply and, for the big companies, well, twelve months is not enough time, so they are hiring like crazy. With an overall shortage of talent in privacy, it means there is no one left for small and medium businesses, which is unfortunate because small and medium businesses are under intense scrutiny.

Second, blockchain, crypto and NFTs have created new privacy and security issues. Do you know what a “rug pull” is? Well, the term describes the feeling, but think of it as a scam where the team behind the smart contract or NFT are anonymous and pull out the liquidity once they have enough to grab and run. Even though the blockchain is built on the concept of security, there are plenty of places for flaws to creep in, especially in the development of the code itself. This fact has placed huge pressure on the security labor market, particularly developers who code blockchain technology with the added skill of secure coding. Trust me, bugs are quite common. As a lawyer, it took me years to learn to check and re-check my work for those small, easy to miss mistakes. Attention to detail was a common piece of feedback in my annual reviews. Bugs in coding are the same thing.

Third, and my final point for this short post, is all the ransomware in 2021. Have you ever been the victim of a breach? Oh, who am I kidding, of course you have. You’ve gotten that email or letter that says, “sorry, your information was disclosed and so we are now offering you a year of credit monitoring.” Most likely, you discarded the letter and then 6 months later wondered why your credit card number seemed to be getting stolen every month. Breaches were so common pre-2021 that most people began to ignore them. It turns out, so did the hackers, because they found a much more lucrative endeavor. Ransomware is a one-to-many attack and seemingly not that difficult to pull off. What do I mean by one-to-many? It means the attackers could exploit a vulnerability in one business that affected all of that business’s customers. And it is a waterfall effect on insurance claims, which is the goal of the attackers. For example, the Kaseya ransomware event affected all of their customers, called MSPs. If you have tried to get cyber insurance recently, then you know that the industry is hurting, badly. Talk about using a security flaw as a way to mint money off of the insurance carriers (that’s me being sarcastic).

So, what does this mean for you? I’m sorry to be the bearer of bad news, but the sky is falling. In 2022, you will spend much more of your time on privacy and security, and you may not be able to hire anyone to help.

End of the Year Privacy and Security Happenings:

With the end of the year fast approaching, I thought I would provide you some great end of the year events and deals:

This Wednesday, December 8th, at 1PM EST, I will be sitting on a panel to talk about upcoming trends in cybersecurity. This is a virtual event. Okay, so I may have spoiled a lot of it in this short post, but I may have also held something back. That link is our registration.

On Thursday, December 9th, at 3PM EST, I am hosting a panel of virtual CISOs to discuss the popularity of SOC2 compliance software. If you don’t know what I am referring to, then this probably isn’t for you. If you do know what a SOC2 is and you have seen the advertisements that you can get it in two weeks, then note the fine print on those ads (hint: you aren’t getting the actual audit in that time frame). There is so much to unpack here and we hope you will join us. If you can’t, Rob Black from FractionalCISO permitted us to share his white paper on the same topic.

Are you thinking about the Metaverse as much as I am? How about web3? The other day, I thought, is anyone else interested in privacy and security in the Metaverse? So I sent one of those annoying LinkedIn polls. Turns out, the answer is yes! So I am putting together a webinar on the topic. I haven’t scheduled it yet, but it is likely to be on December 23.

Last, but certainly not least, you may be wondering, hey, where is my ClearOPS end of year sale? Upon doing my research on rug pulls for the upcoming webinar, what surprised me was that you can probably spot the criminal before you buy the NFT using our transparency reports. Since we research websites and generate automatic reports on them, you can possibly spot fraud. For example, how long did they register the domain for? So, this got me thinking. Share this post with someone who subscribes, and the next time you are looking to buy an NFT, I will send you a free transparency report on the seller and I will even tell you what I think about it. To get your report, please fill out the information required in this Airtable form.

You’re the best!

Caroline

I am a lawyer, which makes me an advocate. Now, I am an advocate for individual privacy rights. In today’s business culture, the burden of any data breach is borne by the individual, even though the fault is not theirs to bear. I aim to change that by improving the system from within.

ClearOPS is my company. ClearOPS is a privacy tech company. Want to hear a recent podcast where we talk about privacy tech? Listen here. These posts are just my opinion. Nothing contained herein is legal advice or constitutes legal representation in any way. I do my research but it doesn’t mean I’m perfect.
