ACEDS-ACFCS Cybersecurity Webcast
TRANSCRIPT
Life’s A Breach: Surviving Your Next Cyber-Attack
Garry A. Pate
Director
Stout Risius Ross, Inc.
Robert C. Ludolph
Of Counsel
Pepper Hamilton LLP
Members Only
Visit ediscoveryconference.com
Visit FinancialCrimeConference.com
KEYNOTE
Robert C. Ludolph
Of Counsel
Pepper Hamilton LLP, +1.248.359.7368
Garry A. Pate
Director
Stout Risius Ross, +1.248.432.1304
Attack From Within
High level executive placed on leave to investigate a series of improprieties.
Executive keeps company laptop and iPhone on which he stored sensitive customer information, proprietary trade secrets and personal data on employees.
Computer returned with 40,000 documents deleted but e-mails to competitor are found.
General Counsel engages outside counsel who retains forensic investigator.
What is Your Cyber-Security Strategy?
Who Is In Charge?
Who Do You Notify?
Do You Take Any Legal Action?
What Is This Going to Cost?
And many more questions.
Real Threats?
Target Breach: Tip of the Iceberg
Who Are Your Cyber Threats?
Nuisance hacker
Social engineering
Disgruntled workers
Employee/third party theft
– Customer lists
– IP theft cases
Criminal enterprises
– Advanced persistent threats
– State-sponsored enterprises – cyber warfare
Is Your Law Firm the Worst Line of Defense?
Banks demand that law firms harden cyber attack defenses
Wall Street Journal October 26, 2014
Law Firms Are Pressed on Security for Data
New York Times March 26, 2014
That’s Where the Money Is.
“Law firms are a rich target,” said the FBI's assistant special agent in charge of the Pittsburgh field office. “They don't have the capabilities and the resources to protect themselves. Within their systems are a lot of the sensitive information from the corporations that they represent. And, therefore, it's a vulnerability that the bad guys are trying to exploit, and are exploiting.”
Unprepared law firms vulnerable to hackers
Pittsburgh Tribune Review September 13, 2014
Can Your Law Firm Keep A Secret?
FBI began warning New York law firms in 2009:
“We have hundreds of law firms that we see increasingly being targeted by hackers.”
Cybersecurity company Mandiant claims that in 2011, around 80 major U.S. law firms were hacked.
Ransomware hackers pose threat to B.C. law firms
CBC News January 12, 2015
Will You Know When the Attack Begins?
Target system compromised for 19 consecutive days.
Information of 110 Million people compromised.
11 GB of data stolen.
Target Breach
Target Breach: Consequences
– $100M effort to move to chip-based payment cards
– $5M campaign to raise awareness on cybersecurity issues
– Fourth-quarter profit slumped 46% while revenue slid 5.3%
– Reputational damage
– $61 million in hacking-related expenses
– VP Technology / CIO / CEO resign
Target Breach: Actions
– Notification to customers by email and online posts
– 1 year of free credit monitoring for all customers
– 1 year of free identity theft protection for all affected customers
– 10% discount offered to all shoppers on December 21 and 22
– Increase fraud detection on REDcards
– Launched retail industry cybersecurity and data privacy initiative
Duty to Warn:
Data Breach Law and Regulatory Requirements
State Privacy Laws
– Data breach notification legislation.
– Identity theft legislation including protection of Social Security Numbers.
– State legislation on protection of personal information broader than federal (CA, MA, NV).
Alphabet Soup of the Duty to Warn: Data Breach Law and Regulatory Requirements
Federal requirements on content and timeframe of data breach notification:
Office of the Comptroller of Currency (OCC)
Federal Deposit Insurance Corporation (FDIC)
Department of Health and Human Services (HHS)
Federal Trade Commission (FTC)
US Securities and Exchange Commission (SEC)
New regulations are coming
At What Cost?
$233
Target – 40 Million credit cards
Home Depot – 56 Million accounts
eBay – 145 Million customers
Anthem – 80 Million social security numbers
You Do the Math
“There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know.”
Donald Rumsfeld
Challenges
Fraud and cyber crime now power a multi-billion dollar economy
Defacements and Denial of Service attacks
Targeted Threats and Advanced Persistent Threats
Inconsistent information practices across the enterprise lead to pockets of vulnerability.
Lack of employee education and awareness leads to vulnerability
Unauthorized collection and use of customer information
Loss of control over personal information and marketing lists
Key Information Security Challenges
Who Are The Attackers?
Key Information Security Challenges
Perimeter Defense is Insufficient
New Technology = New Exploits
Rootkits
Morphing Malware
Zero-Days
Insider Threats
Advanced Persistent Threat
Second-largest health insurer in the United States
Accessed PII of 80 million customers
Hackers stole Anthem customers' names, birthdays, medical IDs, social security numbers, street addresses and e-mail addresses
Hackers may have been inside the Anthem network more than a month before being detected
Advanced Persistent Threat
World famous Hollywood studio
Hackers stole over 100TB of data
Leaked some of Sony’s unreleased films and highly sensitive, confidential information (such as passwords and executives' salaries) online, and even threatened employees and their families
Went unnoticed for weeks until computers were paralyzed
Not the first time Sony has struggled with cybersecurity
Human Error
Apple Data Breach
Human Error
2012 Super Bowl Champion New York Giants
Bank of Montreal
Supervisory Control and Data Acquisition (SCADA)
Large scale industrial and manufacturing plants.
Maroochy Shire
Law Firm Data Breach
China-based hackers were looking to derail the $40 billion acquisition of the world’s largest potash producer
Hackers exploited the networks of seven different law firms as well as Canada’s Finance Ministry and the Treasury Board
Chinese effort to invalidate the takeover as part of the global competition for natural resources
Stolen data can be worth tens of millions of dollars and give the party who possesses it an unfair advantage in deal negotiations
Law Firm Data Breach
Los Angeles, CA law firm
Series of Trojan emails (spear-phishing) appeared to be from members of the firm but in reality were designed to steal data from the firm’s network
Each email contained a link or attachment that would download malware
In 2011, the firm was representing a leading provider of blocking and filtering software programs in a $2.2 billion lawsuit against Chinese computer firms, software makers, and the Chinese government
Forensic analysis revealed that the Trojan emails were linked to Chinese servers.
The malware was not released, and the firm's system was not compromised.
Emerging Strategies
Shifting the focus away from building robust defensive systems
Neutralizing cybersecurity threats once attackers are inside the networks
The median length of time that attackers lurk inside a victim’s network is 229 days
Protecting high value information = high price tag
NIST Cybersecurity Framework Core
Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
Critical Cyber Risk Management
Take every report seriously
– Suspicious email/internet activity
– Malware/phishing programs
Be aware of employee activity
– Off-boarding process
Know your partners and third party contacts
Key Considerations for Policies and Procedures
– Privacy Policy
Clear and conspicuous
Say what you do and do what you say
– BYOD Policy
– Information Security Policy
– Business Continuity Plan
– Security Audits – check and double check!
Steps to Improving Cybersecurity Program
Step 1: Prioritize and Scope
– Identify business/mission objectives and systems and assets that support the business line.
Step 2: Orient
– Identify threats to and vulnerabilities of systems and assets, regulatory requirements, and overall risk approach.
Step 3: Create a Current Profile
– Identify which outcomes are being achieved.
Steps to Improving Cybersecurity Program
Step 4: Conduct a Risk Assessment
– Analyze the likelihood of a cybersecurity event and the impact that the event could have on the organization.
Step 5: Create a Target Profile
Step 6: Determine, Analyze, and Prioritize Gaps
– Create a prioritized action plan to address those gaps between the Current Profile and the Target Profile.
Step 7: Implement Action Plan
– Monitor its current cybersecurity practices against the Target Profile.
Practical Steps: Post Incident Activity – 3 R’s
Review
– Incident response team model
– Policies/procedure
Revise
– Tools and resources
– Training of employees
Reevaluate
– Integrity of third parties' systems
– Documentation and reports
Managing Cyber Breaches
Report and Post-Mortem
“Elite Eight” Recommendations
– Eliminate unnecessary data; keep tabs on what’s left.
– Perform regular checks to ensure that essential controls are met.
– Collect, analyze and share incident data to create a rich information source that can drive security program effectiveness.
– Collect, analyze and share tactical threat intelligence, especially indicators of compromise (IOCs), that can greatly assist defense and detection.
– Without de-emphasizing prevention, focus on better and faster detection through a blend of people, processes, and technology.
– Regularly measure things like “number of compromised systems” and “mean time to detection”, and use these numbers to drive better practices.
– Evaluate the threat landscape to prioritize a treatment strategy. Don’t buy into a “one-size-fits-all” approach to security.
– Don’t underestimate the tenacity of your adversaries, especially espionage-driven attackers, or the power of the intelligence and tools at your disposal.
Contact Information
Robert C. Ludolph, Of Counsel, Pepper Hamilton, [email protected]
Garry A. Pate, Director, Stout Risius Ross, Inc., +1.248.432.1304, [email protected]