3 Laws to Help Combat Cyber Threats


It’s hard to look anywhere these days without reading some bad news about cybersecurity. Whether it’s the recent SamSam ransomware attack that crippled the city of Atlanta, or a massive data breach exposing the personal data of millions across the web, it’s hard to escape the evolving cybersecurity threat.

Author: Datto CISO Ryan Weeks

However, educating yourself and your clients is one of the best ways to equip yourself against these threats. To do so, it’s important to understand the current landscape of ransomware and everything you can do to protect yourself and your customers.

Recently, Datto surveyed 2,400 managed service providers across the globe. We compiled this research in our annual State of the Channel Ransomware Report to give unique visibility into the state of ransomware from the perspective of the IT channel.

One of the more alarming stats in the report was how prevalent ransomware attacks are despite how few are reported to the authorities. According to our survey, MSPs reported more than five attacks against clients per year. However, the more astounding statistic is that only about 24 percent of those attacks are reported to authorities, meaning the problem is likely even bigger than we know.

Luckily, as the threat continues to grow, many countries and regions are passing laws to require companies to report data breaches to the authorities and their customers. Let’s take a look at a few notable examples:

  • The Notifiable Data Breaches Law: Under the Australian law, officially known as the Privacy Amendment (Notifiable Data Breaches) Act 2017, any government agency, organization or business with an annual turnover of $3 million or more in Australia that is covered by the Australian Privacy Act (1998) is obligated to notify individuals whose personal information is involved in a data breach, as soon as practicable after becoming aware of a breach.
  • The General Data Protection Regulation: Under the European Union’s data privacy law, consumers have more control over and insight into their personal data, and companies are required to ensure they are following safe procedures to collect, process, and store data. The regulation features increased territorial scope, breach notifications, data portability, and more.
  • California Consumer Privacy Act of 2018: In the U.S., California’s act regulates companies that store large amounts of personal information, requires them to disclose the types of data they collect, and requires them to allow customers to opt out of having their data sold.

As more regulations like the above are developed, it’s important for MSPs to understand how they affect their businesses and their customers. If you’re interested in learning more about the latest ransomware trends and best practices to keep data secure, check out the full report: Datto’s Global State of the Channel Ransomware Report

Ryan Weeks is chief information security officer at Datto Inc.