Cyber Security: Tackling The Threat From Within in 2015 and Beyond
Traditionally, most cyber security threats are viewed as being external. However, misguided, unscrupulous, or disgruntled employees, contractors, partners, co-operators, and past employees can pose a significant threat of a cyber security breach within an organization because they are allowed access to its systems. The threat of fraud posed by employees and other authorized users affects the public and commercial sectors, and places personal information, data, and intellectual property at risk. Much of the risk today is from younger people and often relates to procurement fraud.
IT security should also be asking: how do you tell the difference between an employee and an outsider who has taken over an employee’s credentials? File accesses by outsiders pretending to be insiders — directory searches, files and emails read, and files copied — can be difficult to spot without automated analysis, and even harder to spot if you’re not monitoring user/data activity at all.
A great deal of activity on company networks is unmonitored, the volume of data keeps growing, and many fraudsters are intelligent. In addition, internal breaches are often subtle and complex. They can be harder to detect because they may occur over a long period of time and be obscured by the complexity of computer networks, especially those of financial institutions. Many organizations are vulnerable to the increasing threats to intellectual property and data because they tend to be unaware of the risk for months or even years.
One answer is to look at behavioral patterns — detailed file and email access patterns of each user. User Behavior Analytics (UBA) emphasizes security on the inside – identifying what a user is doing compared to his/her normal activity.
Dealing effectively with insider threats requires sufficient review of prospective employees and co-operators, education, monitoring of networks, sound security policies and procedures, strong enforcement, analytics, and good cyber security governance policies. With such procedures and systems in place, prevention, detection, and recovery from cyber security incidents are easier.
In a two-hour LIVE webcast, a panel of distinguished professionals and leaders assembled by The Knowledge Group will discuss the nuances of cyber security when tackling the threat from within in 2015 and beyond. The panel of speakers will provide insight into methods for prevention, detection, and mitigation of the consequences of internal cyber security breaches.
In a two-hour LIVE Webcast, the speakers will discuss:
- Cyber Security and Insider Threats – An Overview
- Commercial and Public Sectors Vulnerability
- Insider Threat Profiling & Other Security Strategies
- Protecting Network Systems
- Protecting Data & Intellectual Property
- Effective Cyber Security Governance Policies and Procedures
- Sanctions and Liabilities
- Regulatory Updates
- Compliance and Litigation Risks
Rob Sobers, Director of Inbound Marketing
- 3 different types of insider threats
- An example of a high profile insider breach
- Fear and irrational biases about risk
- The new normal: no more secure perimeter
- Inside-out security approach
Seth C. Harrington, Partner
Ropes & Gray LLP
- Essentially every company is at risk of a data breach and, in the event of a data breach (particularly one involving sensitive or personal information), litigation and regulatory action are a near certainty.
- I will provide an overview of the various claimants and legal theories advanced in such litigation/actions, as well as likely defenses to such claims, including a focus on specific examples involving inside actors or insider access compromised by external sources.
- Finally, I will conclude by summarizing key practices for preparing for and responding to a data breach. First, I will discuss the importance of having an incident response plan and the key features for developing (and testing) such a plan prior to a data breach with references to particular examples. Second, I will discuss risk mitigation, particularly regarding insurance and how different insurance policies (including specialty cyber-risk) may assist with respect to insider threats.
Who Should Attend:
- Data Security Experts
- Chief Information Security Officers
- Chief Information Officers
- IT Security Officers
- Fraud Monitoring
- Compliance and Risk Officers
- In-house Counsel
- Legal Consultants
- Other Related/Interested Professionals and Organizations
Rob Sobers is a Director at Varonis. He has been writing and designing software for over 20 years and is co-author of the book Learn Ruby the Hard Way, which has been used by thousands of students to learn the Ruby programming language. He is a 12-year technology industry veteran and, prior to joining Varonis, held positions in software engineering, design and professional services.
Seth Harrington is a litigation partner whose practice focuses on complex business litigation, specifically the wide array of legal issues arising out of data security breaches. Seth works with clients to manage all aspects of the response to a privacy or data security incident, from directing the forensic investigation of a breach to defending against litigation and regulatory inquiries. In particular, Seth has extensive experience representing clients in connection with claims by credit card brands and financial institutions relating to payment card-related data breaches. Additionally, Seth works with attorneys in the privacy and data security group in connection with advising clients on the Payment Card Industry Data Security Standards and negotiation of agreements implicating payment card data. Seth also regularly advises clients on indemnification and insurance matters, including cyber risk insurance.
NY Category of CLE Credit:
Law Practice Management
About Varonis Systems
Varonis provides an innovative software platform that allows enterprises to map, analyze, manage and migrate their unstructured, human-generated data. This type of unstructured data includes an enterprise’s spreadsheets, word processing documents, presentations, audio files, video files, emails, text messages and any other data created by employees.
About Ropes & Gray LLP
Ropes & Gray LLP is a leading global law firm with offices in New York, Washington, D.C., Boston, Chicago, San Francisco, Silicon Valley, London, Hong Kong, Shanghai, Tokyo, and Seoul. Built on a foundation of 150 years of forging strong client relationships, Ropes & Gray has over 1,100 lawyers and professionals representing interests across a broad spectrum of industries in corporate law and litigation matters, as well as counseling on labor and employment issues, tax and benefits, creditors’ rights, and private client services. The firm’s clients include leading industrial companies, financial institutions, government agencies, hospitals and health care organizations, colleges and universities, as well as families and individuals.