Skadden, Arps, Slate, Meagher & Flom LLP │ Cyberattacks 2014 – How to Prepare Today and Respond Tomorrow
GOOD. SMART. BUSINESS. PROFIT.™
CORPORATE CYBERATTACKS: MANAGING RISK
TO AVOID REPUTATIONAL HARM
September 18, 2014
HOST
Chelsie Chmela
Events Manager
Chelsie.Chmela@ethisphere.com
QUESTIONS
We encourage you to engage during the Q&A portion of today’s webcast by using the “Submit Question” button located within your West LegalEdcenter experience or the Chat Box in ReadyTalk.
MATERIALS
Included in your registration:
• Event recording and deck: West LegalEdcenter provides on-demand event access for 180 days or until the end of your subscription, if sooner. Ethisphere will provide the recording and presentation deck following the live event to ReadyTalk attendees.
SPEAKING TODAY
Stuart Levi
Partner
Skadden, Arps, Slate, Meagher & Flom LLP & Affiliates
Devon Kerr
Senior Consultant
Mandiant
Beijing
Boston
Brussels
Chicago
Frankfurt
Hong Kong
Houston
London
Los Angeles
Moscow
Munich
New York
Palo Alto
Paris
São Paulo
Shanghai
Singapore
Sydney
Tokyo
Toronto
Washington, D.C.
Wilmington
Privacy and Cybersecurity 2014:
The Current State of Affairs
Presented by Stuart Levi
PRIVACY V. CYBERSECURITY
Privacy
• Privacy policy compliance
• Big data mining
• Privacy regulations
• Internet of things
• Do not track
• Location data
• Global enforcement
PRIVACY V. CYBERSECURITY
Cybersecurity
• Data breaches
• Non-data cyber theft
• Denial of service attacks
• Compliance with security policies
• NIST guidelines
PRIVACY V. CYBERSECURITY
Government Spying
• Snowden revelations
• Access to records through public companies
• Government monitoring
• Global implications
PRIVACY V. CYBERSECURITY
[Diagram: PRIVACY and CYBERSECURITY; labels: Government spying, Data breaches, Increased demands for privacy regulation]
THE REALITY COMPANIES FACE TODAY
• Data breaches and cyberattacks are increasingly common.
• More companies are considered “targets of choice.”
• A large segment of the security community has adopted
an “assume you’ve been breached” mentality.
• Attacks are from:
− Hackers looking to profit
− State-sponsored organizations
− Hackers looking to wreak havoc
THE REALITY COMPANIES FACE TODAY
• Attacks are not limited to personal information:
− Theft of intellectual property
− Theft of business information
− Denial of service attacks
• No industry is immune from attack.
• Rapid detection has become as important as threat prevention.
− Each day the threat is not detected, the level of damage and harm increases
• Locating the source of the harm is becoming more difficult
THE REALITY COMPANIES FACE TODAY
• Informative statistics from the Verizon 2013 Data Breach
Investigations Report:
− 78% of intrusions were rated as “low difficulty”
− 69% discovered by external parties
− 66% took multiple months to discover
− 75% are considered opportunistic attacks
− 80% involved authentication based attacks
• Each statistic presents a potential liability risk.
KEY LEGAL THREATS TODAY
• FTC enforcement activity
− “Misleading” consumers by “promising” industry-standard or robust security
− Inadequate security protection
• Shareholder litigation
− For any cybersecurity loss (not just data breaches)
» Denial of service
» Loss of intellectual property or confidential information
• Data breach class actions
THE RESPONSE CLOCK HAS ACCELERATED
HISTORICAL PRACTICE
COMPANIES OFTEN DELAYED NOTICE UNTIL FULL FORENSIC ANALYSIS WAS DONE
» Provided time to formulate a response and manage PR, communications and legal
» Companies often hopeful that forensics analysis would reveal notice was not required
» Sometimes delay was required by law enforcement, but this was the exception
THE RESPONSE CLOCK HAS ACCELERATED
• Today, companies face a new and pressing reality:
− Privacy advocates/activists
» Learning of breaches and threatening to go public if the company does not disclose
» Generally unsympathetic to pleas that the company needs more time to formulate its response
− Insurance plans may require prompt notice
DATA SECURITY CLASS ACTIONS
ARE ON THE RISE
• Plaintiffs’ lawyers are looking to cash in on the increase in
data security breaches at retailers, banks and other
institutions.
• Their tool of choice: large-scale class actions based around
theories of alleged damage to consumers’ privacy.
• While relatively few cases have been filed so far, the number
will undoubtedly grow.
THE FTC AND PLAINTIFF
LAWYERS NEED A HOOK
• The company failed to install or implement adequate
security protections.
− Were there internal or consultant recommendations that were ignored?
• The company “misled” customers about the level of its security.
• The company’s procedures or policies were lacking or not followed.
− Security policies
− Vendor policies
• C-suite and/or board was not adequately kept apprised of
security procedures.
• The company took too long to provide notice of a data breach or to
respond to an attack
KEY TAKEAWAY
The goal of every company today should be to
eliminate as many of these hooks as possible
STEPS EVERY COMPANY
SHOULD BE TAKING TODAY
• Privacy audit and implementation
• Risk assessment
• Establish a rapid response team
• Testing
• Privacy by design
• Evaluate insurance coverage
PRIVACY AUDITS
• Typically performed by a law firm and/or external consultant
− External advisers see issues that are hidden to
companies
» View each issue from a “what if” lawsuit perspective
− “Good fact” in the event of a litigation
− External advisers have the benefit of seeing best
practices at other companies
− Provides regulators with comfort
PRIVACY AUDITS
• Key Steps:
− Where is data coming into the company?
− How is data used and what controls are in place?
− How are security decisions made and implemented?
− Do internal and external privacy policies align with actual practice?
» Very often they do not
− What is the company saying about its security practices?
− What is the company disclosing in its public filings?
− How are company executives and board members kept informed?
− How mature is the privacy program?
− What sort of training/retraining is provided?
• Critical Step: Need to act on audit recommendations
RISK ASSESSMENT
• What types of personal information could be compromised?
• Is there a risk of confidential information being compromised?
• What is the potential for lost business?
• Is there a potential for regulatory scrutiny?
• Is there a potential for fines and penalties?
• What is the potential for damage to reputation/loss
of trust/media publicity?
ESTABLISHING A RAPID RESPONSE TEAM
• Critical in a world where you may lose control of
the response timing
• Key stakeholders will bring unique and important perspectives
− IT, legal, security, PR/communications, HR, risk management,
corporate management, government relations
• Scrambling to figure out the team once an incident occurs is
inefficient and dramatically increases the risk of a misstep
• Create a playbook of how incidents will be handled
• Understand the data breach notification requirements
• Understand SEC disclosure obligations
TESTING
• Critical to test your incident response plan at least
semi-annually
− Consider different scenarios
• Consider creating a report of areas to improve
− But assess the risks of creating such a report
• Assess roles and responsibilities
− Did people leave?
− Was there any internal restructuring?
− Were new systems implemented?
TESTING
• Update process documents
• Review third-party vendor contacts
» PR
» Forensics
» Notification
» Legal
− Are these still the right contacts?
• Any changes to law
PRIVACY BY DESIGN
• Area of focus for the FTC
» Companies should maintain comprehensive data management procedures throughout the life cycle of their products and services
• Now a critical area for risk mitigation
• Key ideas:
− Proactive not reactive
− Privacy embedded into the design process
− Visibility and transparency within the organization
− Privacy and security as part of the corporate culture
EVALUATE INSURANCE COVERAGE
CRITICAL AREAS OF CYBER INSURANCE
− Network security liability (third party)
− Privacy liability (third party)
− Professional liability (third party)
− Notification costs
− Regulatory defense
− Data loss/recreation
− Business Interruption
Skadden, Arps, Slate, Meagher & Flom LLP & Affiliates
Devon Kerr Senior Consultant
© Copyright 2010
Introduction Slide
• Introductions
• Overview
• Building an investigation-ready environment
• During an intrusion
• Post-incident activities
• Q&A
Important note
All information is derived from MANDIANT observations in non-classified environments
Some information has been sanitized to protect our clients’ interests
Introductions
DEVON KERR
• Former IT operations (10+ years)
• Lead investigator and forensic analyst
• Develop internal training for Mandiant consultants
• More than 15 investigations this year
Preparing for a breach
• Build an investigation-ready environment:
− Logging and monitoring
− Fundamental security controls
− Important procedures
Investigation readiness
• Before the breach…
− Centralize logs and alerts into a unified dashboard
» Consolidation reduces effort and increases efficiency
» Collect logs for user logins of all kinds
» Increase the amount of logs retained
» Make sure you can actually get the logs out of the system
− Implement application whitelisting on all critical systems
» Ensures that only approved software will run
» Easiest and cheapest way to slow down an attacker
» Good for detecting attackers if you centralize these logs, too!
Investigation readiness
• Before the breach… (continued)
− Know where your data is
» Intellectual property, financial data, competitive business data (sales, marketing, business logic)
» Know the role of critical systems
− Identify Internet points of presence
» Egress points for user Internet access
» VPN devices
» Direct connections to service providers and partners
» DMZs
− Patch operating system and third party software
» Critical vulnerabilities should be patched within 2 days
Investigation readiness
• Before the breach… (continued)
− Harden the environment
» Block network traffic leaving your environment that doesn’t have a known business purpose
» Strengthen systems administration by using dedicated management systems
» Identify all users with admin-level privileges and revoke those rights
» Domain administrators shouldn’t use privileged accounts for regular computer and network activities – only administration
» Implement a second factor of authentication, like a token, for remote access (VPN)
During an incident
• Facilitating the investigation
− Respond to requests quickly
» Identifying the function of a system
» Identifying all systems which may contain a specific type of data (PII, financial records, etc.)
» Be able to search logs on-demand
» Ex: search all log sources for an IP address
» Be able to share logs with investigators
» Ex: provide a copy of all VPN logs
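An added example, not part of the original presentation, of the "search all log sources for an IP address" request above. It matches addresses as whole IPv4 tokens, so a look-alike such as 203.0.113.70 or a version string is not reported, reads gzip-rotated files, and writes the hits to one file that can be handed to investigators. The source names, file names, log formats and addresses are constructed for illustration.

```python
import gzip
import ipaddress
import re
import tempfile
from pathlib import Path

# Dotted-quad candidates that are not part of a longer number or dotted string.
_IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\d|\.\d)")


def ips_in_line(line):
    """Return the set of valid IPv4 addresses that appear in one log line."""
    found = set()
    for token in _IPV4.findall(line):
        try:
            found.add(ipaddress.IPv4Address(token))
        except ValueError:
            pass  # not a real address, e.g. 999.1.1.1
    return found


def open_log(path):
    """Open a plain or gzip-rotated log as text, tolerating undecodable bytes."""
    if path.suffix == ".gz":
        return gzip.open(path, "rt", encoding="utf-8", errors="replace")
    return open(path, "rt", encoding="utf-8", errors="replace")


def search_sources(sources, target):
    """Search every source ({name: [Path, ...]}) for the IPv4 address `target`.

    Returns {name: [(file_name, line_no, line), ...]}. Sources without hits
    map to an empty list, which documents that they were searched.
    """
    wanted = ipaddress.IPv4Address(target)
    hits = {}
    for name, paths in sources.items():
        hits[name] = []
        for path in paths:
            with open_log(path) as fh:
                for line_no, line in enumerate(fh, 1):
                    if wanted in ips_in_line(line):
                        hits[name].append((path.name, line_no, line.rstrip("\n")))
    return hits


def export_hits(hits, out_path):
    """Write every matching line, tagged with its origin, to one file."""
    count = 0
    with open(out_path, "w", encoding="utf-8") as out:
        for name, rows in hits.items():
            for file_name, line_no, line in rows:
                out.write(f"{name}\t{file_name}:{line_no}\t{line}\n")
                count += 1
    return count


def build_sample_sources(root):
    """Create constructed sample logs (documentation-range addresses)."""
    root = Path(root)
    vpn = root / "vpn.log"
    vpn.write_text(
        "2014-09-02T03:14:07Z vpn01 login ok user=jdoe src=203.0.113.7:51544\n"
        "2014-09-02T03:20:11Z vpn01 login ok user=asmith src=203.0.113.70:40022\n"
        "2014-09-02T04:01:55Z vpn01 login fail user=jdoe src=198.51.100.23:51000\n",
        encoding="utf-8",
    )
    proxy = root / "proxy.log.1.gz"  # rotated and compressed
    with gzip.open(proxy, "wt", encoding="utf-8") as fh:
        fh.write("1409627700 10.20.3.15 GET http://203.0.113.7/update.bin 200\n")
        fh.write("1409627760 10.20.3.15 GET http://example.com/ 200 agent=tool/1.203.0.113.7\n")
    auth = root / "auth.log"
    auth.write_text(
        "Sep  2 03:15:01 web02 sshd[411]: Accepted password for jdoe from ::ffff:203.0.113.7 port 50112\n"
        "Sep  2 03:16:40 web02 updater: installed build 1203.0.113.7\n",
        encoding="utf-8",
    )
    return {"vpn": [vpn], "proxy": [proxy], "auth": [auth]}


def main():
    with tempfile.TemporaryDirectory() as tmp:
        sources = build_sample_sources(tmp)
        hits = search_sources(sources, "203.0.113.7")
        for name, rows in hits.items():
            print(f"{name}: {len(rows)} hit(s)")
            for file_name, line_no, line in rows:
                print(f"  {file_name}:{line_no}: {line}")
        written = export_hits(hits, Path(tmp) / "hits.tsv")
        print(f"exported {written} line(s)")


if __name__ == "__main__":
    main()
```

A plain substring search over the same sample would report six lines instead of three, because it also matches 203.0.113.70 and the two version-like strings.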
During an incident
• Remediating
− Work with investigators to develop a remediation plan that includes short-term tactical and longer-term strategic objectives
» Block malicious IP addresses
» Sinkhole malicious domain names
» Take infected systems offline and rebuild
» Perform an enterprise password reset
» …
Post-incident activities
• When the smoke clears
− Determine notification requirements based on incident type, jurisdiction, and industry
− Develop a coordinated message for the public
» Understand that the public may include clients, regulatory bodies, and shareholders
− Conduct a lessons learned exercise
− Develop metrics
» Time from incident to detection, detection to investigation, detection to remediation, etc.
» Review metrics after each incident
Q&A
Business Ethics Leadership Alliance (BELA)
This webcast and all future Ethisphere webcasts are available complimentary and on demand for BELA members. BELA members are also offered complimentary registration to Ethisphere’s Global Ethics Summit and other Summits around the world.
For more information on BELA contact:
Laara van Loben Sels
Senior Director, Engagement Services
laara.vanlobensels@ethisphere.com
480.397.2663
PLEASE JOIN US FOR
October 30, 2014
Cyber-Security, IP Theft and Data Breaches: Practical Steps to Protect Corporate Assets Internally and with Third Parties
All upcoming Ethisphere events can be found at: http://ethisphere.com/events/
THANK YOU

Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Cyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryCyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial Industry
 


Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm

  • 1. Skadden, Arps, Slate, Meagher & Flom LLP: Cyberattacks 2014 – How to Prepare Today and Respond Tomorrow. GOOD. SMART. BUSINESS. PROFIT.™
  • 2. CORPORATE CYBERATTACKS: MANAGING RISK TO AVOID REPUTATIONAL HARM. September 18, 2014
  • 3. HOST: Chelsie Chmela, Events Manager, Chelsie.Chmela@ethisphere.com
      QUESTIONS: We encourage you to engage during the Q&A portion of today’s webcast by using the “Submit Question” button located within your West LegalEdcenter experience or the Chat Box in ReadyTalk.
      MATERIALS: Included in your registration:
      • Event recording and deck: West LegalEdcenter provides on-demand event access for 180 days or until the end of your subscription, if sooner. Ethisphere will provide the recording and presentation deck following the live event to ReadyTalk attendees.
  • 4. SPEAKING TODAY
      • Stuart Levi, Partner, Skadden, Arps, Slate, Meagher & Flom LLP & Affiliates
      • Devon Kerr, Senior Consultant, Mandiant
  • 5. Beijing, Boston, Brussels, Chicago, Frankfurt, Hong Kong, Houston, London, Los Angeles, Moscow, Munich, New York, Palo Alto, Paris, São Paulo, Shanghai, Singapore, Sydney, Tokyo, Toronto, Washington, D.C., Wilmington
      Privacy and Cybersecurity 2014: The Current State of Affairs
      Presented by Stuart Levi
  • 6. PRIVACY V. CYBERSECURITY: Privacy
      • Privacy policy compliance
      • Big data mining
      • Privacy regulations
      • Internet of things
      • Do not track
      • Location data
      • Global enforcement
  • 7. PRIVACY V. CYBERSECURITY: Cybersecurity
      • Data breaches
      • Non-data cyber theft
      • Denial of service attacks
      • Compliance with security policies
      • NIST guidelines
  • 8. PRIVACY V. CYBERSECURITY: Government Spying
      • Snowden revelations
      • Access to records through public companies
      • Government monitoring
      • Global implications
  • 9. PRIVACY V. CYBERSECURITY (diagram labels: Privacy; Cybersecurity; Government spying; Data breaches; Increased demands for privacy regulation)
  • 10. THE REALITY COMPANIES FACE TODAY
      • Data breaches and cyberattacks are increasingly common.
      • More companies are considered “targets of choice.”
      • A large segment of the security community has adopted an “assume you’ve been breached” mentality.
      • Attacks are from:
          − Hackers looking to profit
          − State-sponsored organizations
          − Hackers looking to wreak havoc
  • 11. THE REALITY COMPANIES FACE TODAY
      • Attacks are not limited to personal information:
          − Theft of intellectual property
          − Theft of business information
          − Denial of service attacks
      • No industry is immune from attack.
      • Rapid detection has become as important as threat prevention.
          − Each day the threat is not detected, the level of damage and harm increases
      • Locating the source of the harm is becoming more difficult
  • 12. THE REALITY COMPANIES FACE TODAY
      • Informative statistics from the Verizon 2013 Data Breach Investigations Report:
          − 78% of intrusions were rated as “low difficulty”
          − 69% discovered by external parties
          − 66% took multiple months to discover
          − 75% are considered opportunistic attacks
          − 80% involved authentication based attacks
      • Each statistic presents a potential liability risk.
  • 13. KEY LEGAL THREATS TODAY
      • FTC enforcement activity
          − “Misleading” consumers by “promising” industry-standard or robust security
          − Inadequate security protection
      • Shareholder litigation
          − For any cybersecurity loss (not just data breaches)
              » Denial of service
              » Loss of intellectual property or confidential information
      • Data breach class actions
  • 14. THE RESPONSE CLOCK HAS ACCELERATED
      HISTORICAL PRACTICE: COMPANIES OFTEN DELAYED NOTICE UNTIL FULL FORENSIC ANALYSIS WAS DONE
          » Provided time to formulate a response and manage PR, communications and legal
          » Companies often hopeful that forensics analysis would reveal notice was not required
          » Sometimes delay was required by law enforcement, but this was the exception
  • 15. THE RESPONSE CLOCK HAS ACCELERATED
      • Today, companies face a new and pressing reality:
          − Privacy advocates/activists
              » Learning of breaches and threatening to go public if the company does not disclose
              » Generally unsympathetic to pleas that the company needs more time to formulate its response
          − Insurance plans may require prompt notice
  • 16. DATA SECURITY CLASS ACTIONS ARE ON THE RISE
      • Plaintiffs’ lawyers are looking to cash in on the increase in data security breaches at retailers, banks and other institutions.
      • Their tool of choice: large-scale class actions based around theories of alleged damage to consumers’ privacy.
      • While relatively few cases have been filed so far, the number will undoubtedly grow.
  • 17. THE FTC AND PLAINTIFF LAWYERS NEED A HOOK
      • The company failed to install or implement adequate security protections.
          − Were there internal or consultant recommendations that were ignored?
      • The company “misled” customers about the level of its security.
      • The company’s procedures or policies were lacking or not followed.
          − Security policies
          − Vendor policies
      • C-suite and/or board was not adequately kept apprised of security procedures.
      • The company took too long to provide notice of a data breach or to respond to an attack
  • 18. KEY TAKEAWAY: The goal of every company today should be to eliminate as many of these hooks as possible
  • 19. STEPS EVERY COMPANY SHOULD BE TAKING TODAY
      • Privacy audit and implementation
      • Risk assessment
      • Establish a rapid response team
      • Testing
      • Privacy by design
      • Evaluate insurance coverage
  • 20. PRIVACY AUDITS
      • Typically performed by a law firm and/or external consultant
          − External advisers see issues that are hidden to companies
              » View each issue from a “what if” lawsuit perspective
          − “Good fact” in the event of a litigation
          − External advisers have the benefit of seeing best practices at other companies
          − Provides regulators with comfort
  • 21. PRIVACY AUDITS
      • Key Steps:
          − Where is data coming into the company?
          − How is data used and what controls are in place?
          − How are security decisions made and implemented?
          − Do internal and external privacy policies align with actual practice?
              » Very often they do not
          − What is the company saying about its security practices?
          − What is the company disclosing in its public filings?
          − How are company executives and board members kept informed?
          − How mature is the privacy program?
          − What sort of training/retraining is provided?
      • Critical Step: Need to act on audit recommendations
  • 22. Skadden, Arps, Slate, Meagher & Flom LLPCyberattacks 2014 – How to Prepare Today and Respond Tomorrow │22 RISK ASSESSMENT • What types of personal information could be compromised? • Is there a risk of confidential information being compromised? • What is the potential for lost business? • Is there a potential for regulatory scrutiny? • Is there a potential for fines and penalties? • What is the potential for damage to reputation/loss of trust/media publicity?
  • 23. Skadden, Arps, Slate, Meagher & Flom LLPCyberattacks 2014 – How to Prepare Today and Respond Tomorrow │23 ESTABLISHING A RAPID RESPONSE TEAM • Critical in a world where you may lose control of the response timing • Key stakeholders will bring unique and important perspectives − IT, legal, security, PR/communications, HR, risk management, corporate management, government relations • Scrambling to figure out the team once an incident occurs is inefficient and dramatically increases the risk of a misstep • Create a playbook of how incidents will be handled • Understand the data breach notification requirements • Understand SEC disclosure obligations
  • 24. TESTING
    • Critical to test your incident response plan at least semi-annually
      − Consider different scenarios
    • Consider creating a report of areas to improve
      − But assess the risks of creating such a report
    • Assess roles and responsibilities
      − Did people leave?
      − Was there any internal restructuring?
      − Were new systems implemented?
  • 25. TESTING
    • Update process documents
    • Review third-party vendor contacts
        » PR
        » Forensics
        » Notification
        » Legal
      − Are these still the right contacts?
    • Any changes to law
  • 26. PRIVACY BY DESIGN
    • Area of focus for the FTC
        » Companies should maintain comprehensive data management procedures throughout the life cycle of their products and services
    • Now a critical area for risk mitigation
    • Key ideas:
      − Proactive not reactive
      − Privacy embedded into the design process
      − Visibility and transparency within the organization
      − Privacy and security as part of the corporate culture
  • 27. EVALUATE INSURANCE COVERAGE
    CRITICAL AREAS OF CYBER INSURANCE
      − Network security liability (third party)
      − Privacy liability (third party)
      − Professional liability (third party)
      − Notification costs
      − Regulatory defense
      − Data loss/recreation
      − Business Interruption
  • 28. Skadden, Arps, Slate, Meagher & Flom LLP & Affiliates
  • 29. Devon Kerr
    Senior Consultant
  • 30. Introduction
    • Introductions
    • Overview
    • Building an investigation-ready environment
    • During an intrusion
    • Post-incident activities
    • Q&A
    © Copyright 2010
  • 31. Important note
    • All information is derived from MANDIANT observations in non-classified environments
    • Some information has been sanitized to protect our clients’ interests
  • 32. Introductions
    DEVON KERR
    • Former IT operations (10+ years)
    • Lead investigator and forensic analyst
    • Develop internal training for Mandiant consultants
    • More than 15 investigations this year
  • 33. Preparing for a breach
    • Build an investigation-ready environment:
      − Logging and monitoring
      − Fundamental security controls
      − Important procedures
  • 34. Investigation readiness
    • Before the breach…
      − Centralize logs and alerts into a unified dashboard
        • Consolidation reduces effort and increases efficiency
        • Collect logs for user logins of all kinds
        • Increase the amount of logs retained
        • Make sure you can actually get the logs out of the system
      − Implement application whitelisting on all critical systems
        • Ensures that only approved software will run
        • Easiest and cheapest way to slow down an attacker
        • Good for detecting attackers if you centralize these logs, too!
  • 35. Investigation readiness
    • Before the breach… (continued)
      − Know where your data is
        • Intellectual property, financial data, competitive business data (sales, marketing, business logic)
        • Know the role of critical systems
      − Identify Internet points of presence
        • Egress points for user Internet access
        • VPN devices
        • Direct connections to service providers and partners
        • DMZs
      − Patch operating system and third-party software
        • Critical vulnerabilities should be patched within 2 days
  • 36. Investigation readiness
    • Before the breach… (continued)
      − Harden the environment
        • Block network traffic leaving your environment that doesn’t have a known business purpose
        • Strengthen systems administration by using dedicated management systems
        • Identify all users with admin-level privileges and revoke those rights
        • Domain administrators shouldn’t use privileged accounts for regular computer and network activities – only administration
        • Implement a second factor of authentication, like a token, for remote access (VPN)
  • 37. During an incident
    • Facilitating the investigation
      − Respond to requests quickly
        • Identifying the function of a system
        • Identifying all systems which may contain a specific type of data (PII, financial records, etc.)
        • Be able to search logs on-demand
          • Ex: search all log sources for an IP address
        • Be able to share logs with investigators
          • Ex: provide a copy of all VPN logs
  • 38. During an incident
    • Remediating
      − Work with investigators to develop a remediation plan that includes short-term tactical and longer-term strategic objectives
        • Block malicious IP addresses
        • Sinkhole malicious domain names
        • Take infected systems offline and rebuild
        • Perform an enterprise password reset
        • …
  • 39. Post-incident activities
    • When the smoke clears
      − Determine notification requirements based on incident type, jurisdiction, and industry
      − Develop a coordinated message for the public
        • Understand that the public may include clients, regulatory bodies, and shareholders
      − Conduct a lessons learned exercise
      − Develop metrics
        • Time from incident to detection, detection to investigation, detection to remediation, etc.
        • Review metrics after each incident
  • 41. Devon Kerr
    Senior Consultant
  • 43. Business Ethics Leadership Alliance (BELA)
    This webcast and all future Ethisphere webcasts are available complimentary and on demand for BELA members. BELA members are also offered complimentary registration to Ethisphere’s Global Ethics Summit and other Summits around the world.
    For more information on BELA contact:
    Laara van Loben Sels
    Senior Director, Engagement Services
    laara.vanlobensels@ethisphere.com
    480.397.2663
  • 44. PLEASE JOIN US FOR
    October 30, 2014
    Cyber-Security, IP Theft and Data Breaches: Practical Steps to Protect Corporate Assets Internally and with Third Parties
    All upcoming Ethisphere events can be found at: http://ethisphere.com/events/
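
Slide 37 asks that the organization be able to search all log sources for an IP address on demand. The Python below is an added example, not part of the presentation or of Mandiant's tooling: it compares parsed address tokens instead of substrings, so a search for 203.0.113.5 does not also hit 203.0.113.50, and it keeps sources with zero hits in the result. The function names, source names and log layouts are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re

# Dotted quad that is not part of a longer number or dotted string.
QUAD = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")

def normalize(text):
    """Parse an IPv4 address, unwrapping the IPv4-mapped form ::ffff:a.b.c.d."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6:
        if addr.ipv4_mapped is None:
            raise ValueError("this example only searches for IPv4 addresses")
        addr = addr.ipv4_mapped
    return addr

def line_mentions(line, target):
    """True if an address token in the line equals target exactly."""
    for token in QUAD.findall(line):
        try:
            if ipaddress.ip_address(token) == target:
                return True
        except ValueError:  # not an address, e.g. 999.1.1.1
            continue
    return False

def search_all_sources(sources, ip):
    """Map each source name to its matching (line_no, line) pairs.
    Sources without hits keep an empty list: searched, nothing found."""
    target = normalize(ip)
    return {name: [(n, line) for n, line in enumerate(lines, 1)
                   if line_mentions(line, target)]
            for name, lines in sources.items()}

# Constructed sample lines using documentation address ranges, not real logs.
SAMPLE_SOURCES = {
    "vpn": ["2014-09-02T03:14:07Z login ok user=jdoe src=203.0.113.5:51514",
            "2014-09-02T03:20:41Z login ok user=asmith src=203.0.113.50:40222"],
    "proxy": ["1409627700.112 10.20.30.40 TCP_MISS/200 CONNECT 203.0.113.5:443",
              "1409627711.907 10.20.30.41 TCP_MISS/200 GET http://198.51.100.7/"],
    "firewall": ["Sep  2 03:15:12 fw01 ACCEPT SRC=::ffff:203.0.113.5 DST=10.20.30.9",
                 "Sep  2 03:15:13 fw01 DROP SRC=198.51.100.7 DST=10.20.30.9"],
    "dns": ["02-Sep-2014 03:16:00 client 10.20.30.40 query: example.test A"],
}

if __name__ == "__main__":
    for source, hits in search_all_sources(SAMPLE_SOURCES, "203.0.113.5").items():
        print(f"{source}: {len(hits)} hit(s) on lines {[n for n, _ in hits]}")
```

An empty list for a source such as `dns` is itself a finding to record: it shows the source was queried, which matters when investigators later ask what was and was not checked.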

Editor's Notes

  1. If you work in a classified environment, you may recognize some of the information we present today. MANDIANT observed everything we’ll talk about in non-classified environments, and we’ve changed some of it to protect our clients.