Your Company Has Been Cyber Hacked! Strategies For Dealing With The Fallout
Overview:
Damage caused by cyber-attacks is increasing exponentially and can cause huge losses for companies and consumers. Businesses must take cyber security seriously to avoid the threats that cybercrime poses to their networks and customers.
- New FBI measures, such as embedding agents with police departments across Eastern Europe, including Estonia, Romania and Ukraine
- Privacy and Civil Liberties Oversight Board: its role and functions
- FCC – Small Biz Cyber Planner
- The NIH Information Security and Privacy Training Courses
- Up to the minute regulatory updates
Agenda:
Jim Halpert, Partner,
DLA Piper
- Hacking is a growing problem (perpetrated not only by “recreational hackers” but also by overseas competitors and sophisticated governmental actors) that companies need to take very seriously. If you find out that you are hacked, you need to conduct a thorough investigation to understand what has occurred and to ensure that you have restored the integrity of your system with no malware or vulnerabilities remaining in your system.
- It is critical that, before they are hacked, organizations implement both strong information security programs and sound incident response plans. The incident response plan needs to draw on and involve key resources within your organization — IT, legal, law enforcement liaison, corporate communications and, if client data are involved, the relationship team for those clients.
- For most organizations, it is a very good idea to engage a skilled computer forensics consultant to determine exactly what happened, to clean your IT infrastructure of vulnerabilities and detect and purge all malware. A key element of data security legal requirements is to adjust your system in light of actual and potential security threats. Failure to respond and learn from actual hacks will likely be considered as negligence. Furthermore, businesses have obligations under SOX to have business continuity plans and protections in place so as not to be crippled by cyber threats. Businesses in heavily targeted sectors (e.g. financial services and defense) should seriously consider going further and helping to raise the security of devices that interact with their servers.
- It is very important to assess as quickly as possible whether the hack likely involves: (1) sensitive personal information triggering a security breach notice obligation to individuals and to government authorities, (2) PCI-DSS data, which triggers requirements to notify the payment card brands and potentially to indemnify them, pay for a special PCI audit and pay fines, (3) sensitive trade secret information serious enough to trigger an SEC requirement to notify shareholders, or (4) a compromise of the security of critical infrastructure, which can give rise to significant harm. The presentation will explain each of these four categories and the steps to take in each case.
- It is also sometimes advisable with appropriate confidentiality assurances and obtaining trade secret protection, to share information about hacking incidents with law enforcement, particularly if you want to attempt to pursue the hacker. Adopting more aggressive counter-measures (for example to retrieve stolen data that is stored on an intermediary server) can sometimes be desirable, but it is important to review these measures for compliance with the law. In addition, organizations in targeted sectors often benefit from sharing information on potential and actual threats with colleagues in other organizations and potentially with government cyber-security authorities. Given the dynamic nature of cyber security threats, information sharing is very important to stay up to speed with evolving threats and to help protect the infrastructure.
C. Kelly Bissell, Global Incident Response and U.S. IT Risk Management Leader,
Deloitte & Touche LLP
- Organizations are experiencing more frequent cyber incidents than ever before
- Discuss costs and impacts to organizations
- Discuss number and types of breaches
- Discuss how to plan for and respond to cyber incidents including loss of data, security breaches, fraud, and disruption of services
Daimon E. Geopfert, National Leader, Security and Privacy Consulting,
McGladrey LLP
Paula Vuksic, CPA, MST , Partner ,
Citrin Cooperman
- Many organizations still rely almost exclusively on preventative controls (patching, anti-virus, IDS, etc.) while neglecting their detective (monitoring) and corrective (incident response) controls
- The issue with this is that modern threats are purpose built to bypass preventative controls (zero-days, rapidly mutating malware, IDS evasion, etc.)
- While the odds are low that any single organization will be targeted by an APT level threat, we are seeing a “bleed-over” effect where APT-ish capabilities are being built into hacking toolkits which are then wielded by the masses of malicious but un-skilled attackers
- The focus on preventative controls contributes not only to the large number of breaches we’ve been seeing, but also their duration. Some organizations are breached for years at a time without knowing it.
- Organizations should use the information in the public domain that describes how other companies were breached, and they should run mock exercises to see if they would be capable of handling a similar attack. They should ask themselves, where would we have done better monitoring in order to catch this attack?
- Organizations need to plan to fail as all security solutions can eventually be breached. Their goal should be to fail gracefully, by which I mean that they can quickly identify the breach and respond before significant damage is done.
Jonathan Fowler, EnCE, ACE , Director of Forensics,
First Advantage Litigation Consulting
- Internal Fallout
- The company needs to determine how the hack was carried out so that appropriate measures can be put in place to (a) prevent the hack from being carried out again and (b) ensure that corporate IT systems are no longer infected. Additionally, proactive measures should be taken to educate employees on potential dangers of hacking (including social engineering concepts).
- External Fallout
- Depending on the type of data hacked, does the company have an obligation to report the incident, either to governmental regulators or to investors (or both)? Outside counsel may need to be involved to assist the company in navigating through the various state and Federal regulations/requirements in reporting these incidents.
- Proactive Steps
- Aside from corporate IT departments using proactive tools and techniques to monitor for attacks, corporations should form data breach incident teams that include personnel from IT, Risk Management, Legal, as well as business-group leaders to put together a set of standard procedures for the company to follow should an incident occur in the future. This may also involve outside vendors as well, such as computer forensic or cybersecurity specialists.
Who Should Attend:
- Chief Security Officers
- Senior Executives
- Chief Risk Officers
- IT Heads
- Other related Professionals
Jim Halpert is a partner in the Communications, E-Commerce and Privacy practice of DLA Piper. Mr. Halpert counsels technology and content …
Kelly Bissell is a Principal in Deloitte’s Security & Privacy group. Kelly has been with Deloitte for over nine years and …
Daimon Geopfert is a director with the technology risk advisory services group at McGladrey LLP. He specializes in penetration testing, …
Jonathan Fowler is Director of First Advantage’s Digital Forensics practice in the United States. In that capacity, he conducts complex …
Course Level:
Intermediate
Advance Preparation:
Print and review course materials
Method of Presentation:
On-demand Webcast (CLE)
Prerequisite:
NONE
Course Code:
124281
Total Credits:
2.0 CLE
SPEAKERS' FIRMS:
About DLA Piper
DLA Piper became one of the largest business law firms in the world in 2005 through a merger of unprecedented scope in the legal sector. We were built to serve clients wherever in the world they do business – quickly, efficiently and with genuine knowledge of both local and international considerations. Whether our clients require seamless coordination across multiple jurisdictions or delivery in a single location, they can count on us to deliver the right service and solutions.
Website: https://www.dlapiper.com/home.aspx
About Deloitte & Touche LLP
Deloitte’s Audit & Enterprise Risk Services help organizations build value by taking a Risk Intelligent approach to managing financial, technology and business risks. This approach helps our clients focus on their areas of increased risk, bridge silos to effectively manage risk across organizational boundaries and seek not only risk mitigation, but also pursue intelligent risk taking as a means to value creation.
Deloitte’s Security & Privacy practice assists clients across all industries with information risk management, security, and privacy initiatives including:
- Information & Technology Security Management
- Business Continuity Management
- Privacy & Data Protection
- Cyber Threat & Vulnerability Management
- Identity & Access Management
- Application Integrity
Its innovation center, the Deloitte Center for Security & Privacy Solutions, focuses on building innovative, transformational and sustainable solutions that address current management challenges posed. The Center has been developing new ways to help organizations align strategies, processes, and operations to improve operational resilience in uncertain environments.
Visit: https://www.deloitte.com/us/securityandprivacysolutions
About McGladrey LLP
McGladrey is the fifth largest U.S. provider of assurance, tax and consulting services, with nearly 6,500 professionals and associates in more than 70 offices nationwide. McGladrey is a licensed CPA firm, and is a member of RSM International, the sixth largest global network of independent accounting, tax and consulting firms. We have approximately 100 information assurance professionals nationwide dedicated exclusively to serving clients’ technology security- and risk-related needs. The McGladrey professionals who work with you have wide-ranging experience within the forensics and response fields, including law enforcement, military, intelligence and corporate investigations. Our professionals carry a multitude of industry recognized certifications, and several of our members are recognized thought leaders within the security industry. Our certifications include EnCase Certified Examiner (EnCE), GIAC Certified Incident Handler (GCIH), Certified Forensic Computer Examiner (CFCE) and various security certifications such as the Certified Ethical Hacker (CEH) and the Certified Information Security Systems Professional (CISSP).
Website: https://mcgladrey.com/
About First Advantage Litigation Consulting
First Advantage Litigation Consulting is an international eDiscovery and managed review provider with extensive experience in litigation, antitrust, second requests, and internal and external investigations. The company supports law firms and corporations with cost-effective, end-to-end litigation services that include data collection, computer forensics, expert testimony, multi-lingual and on-site data processing, hosting and document review. Safe Harbor certified, the company can deploy its services rapidly and efficiently to clients anywhere in the world from offices and data centers in North America, Europe and Asia. For more information, please visit www.fadvlit.com.
Website: https://www.fadv.com/