cybersecurity minimizing the x factor kathleen rice
play

Cybersecurity : Minimizing the X-Factor Kathleen Rice Faegre Baker - PowerPoint PPT Presentation

Jun 02, 2023 •42 likes •202 views

Cybersecurity : Minimizing the X-Factor Kathleen Rice Faegre Baker Daniels NFI Insurance Forum Indianapolis, IN October 23, 2015 1 Data Security and Privacy Incidents Are on the Rise Billions lost in cyber theft of Potential for identity

  1. Cybersecurity : Minimizing the X-Factor Kathleen Rice Faegre Baker Daniels NFI Insurance Forum Indianapolis, IN October 23, 2015 1

  2. Data Security and Privacy Incidents Are on the Rise Billions lost in cyber theft of Potential for identity theft Specific protections for intellectual property and and other consumer personal information breach costs as high as $217 losses per record Potential damages from Security safeguards for Impact on product or security lapses in vendors, certain kinds of data environmental safety contractors or affiliates Breach notification, Lawsuits and regulatory including penalties for Lost consumer confidence enforcement actions failure to comply 2

  3. Why More Companies are Paying Attention to Cybersecurity 3

  4. Why More Companies are Paying Attention to Cybersecurity In 2015, average cost for each lost or stolen record increased from $201 to $217. Total average cost paid by U.S. company increased from $5.9 million to $6.5 million. Source: Ponemon Institute 2015 Cost of Data Breach Study: United States 4

  5. Why More Companies are Paying Attention to Cybersecurity ► The legal costs ► Data breach notification ► Data breach litigation ► Regulatory enforcement ► The non-legal costs ► Loss of consumer/shareholder/employee confidence ► Ponemon Institute: reputation and loss of customer loyalty do the most damage to the bottom line ► Business interruption ► Disabled web storefront ► Demands on employee time ► Loss of intellectual property, confidential information 5

  6. Minimizing the X-factor: Understanding Data and Risk ► Know your organization ► Increased regulatory focus on “tone at the top” ► Understand applicable laws and regulations ► Implement data security and privacy policies, procedures, and training ► Know your data ► e.g., personal, employee, consumer, proprietary ► Understand and implement safeguards ► Know your risks ► Insider threat (including inadvertent disclosure); vendors; suppliers; contractors; customers; and employees; bring your own device ► Cyber attack ► Physical threat and natural disasters 6

  7. Minimizing the X-Factor: Navigating the Legal and Regulatory Landscape ► New laws; old proposals ► Regulatory enforcement ► Recent data breach court decisions ► Split among courts as to whether there is actual injury/standing ► Viability of state claims 7

  8. U.S. Legislative Landscape ► Federal laws govern certain industries: e.g., HIPAA applies to healthcare sector ► Otherwise, no overarching federal cybersecurity/data breach notification law or cybersecurity standards ► Congress considering data breach notification and cyber information sharing legislation ► Patchwork of 47 state laws, plus laws in DC, Guam, Puerto Rico, and the Virgin Islands 8

  9. U.S. Legislative Landscape: State Laws ► In general, data breach = an event in which NAME + SS# or FINANCIAL INFO are accessible to unauthorized individual ► When a data breach occurs, data subjects must be notified and usually provided some explanation about incident ► Notification to regulators: Indiana says notify AG ► Most states require prompt notification: Indiana says without unreasonably delay (often interpreted as 30 days) ► The law that applies = law of the state where data subject resides ► May or may not be state where company is headquartered ► Often means company has to comply with 47+ different laws 9

  10. U.S. Regulatory Landscape ► NIST Cybersecurity Framework ► Not a regulation, but provides roadmap for regulators and industry to identify risk and defend against threats ► National Association of Insurance Commissioners ► 12 cybersecurity principles for insurers to protect consumer information ► Securities and Exchange Commission ► Issued guidance in 2011 on the disclosure of cybersecurity risks and incidents ► Federal Trade Commission ► Has authority under Section 5 of FTC Act to investigate “unfair/deceptive acts or practices” ► Pursues companies that don’t keep promises made in privacy statements (this is deceptive) ► Pursues companies that don’t provide adequate security (this is unfair) 10

  11. U.S. Regulatory Landscape: FTC v. Wyndham ► FTC v. Wyndham Worldwide Corp. , No. 14-3514 (3d Cir. 2015) ► Arose out of security breach involving 619,000 customers, $10 million in fraudulent transactions ► FTC sued Wyndham for failing to protect its customers ► Wyndham moved to dismiss on ground that FTC failed to provide businesses with adequate notice of what constitutes “unfair” data security practices ► Court: FTC has authority to take action against companies that employ poor IT security practices ► FTC : ► Every General Counsel should know what FTC is doing ► Basic security deficiencies outlined in complaint—FTC guidance 11

  12. U.S. Litigation Landscape ► Consumer class actions ► Suits by credit card companies, banks, and other issuing entities ► Shareholder derivative cases and securities litigation ► Claims for breach of fiduciary duty, or even securities fraud; challenge conduct of officers/directors before & after breach ► Lessons from case law ► Regularly discuss data security/privacy at BoD meetings ► Give BoD committee oversight of data security/privacy ► Periodically have third-party consultants assess IT security; consider any deficiencies ► Establish incident response team ► Fully investigate any breach allegation 12

  13. Minimizing the X-Factor: Incident Response ► Prepare ► Engage management ► Review/update policies and procedures ► Develop incident response plan ► Detection/prevention/insurance ► Practice, Practice ► Respond ► Execute response plan ► Stop the bleeding ► Take remedial action ► Engage external experts— forensics, outside counsel, insurers 13

  14. Minimizing the X-Factor: Incident Response ► Investigate ► Find out who, what, how, when, and why ► Identify compromised data ► Determine obligation to notify ► Communicate ► Internally—employees, management, advisors, affiliates, and BoD ► Externally—insurance, law enforcement, regulators, elected officials, shareholders, affiliates, customers, and media ► Assess potential liability, claims, or public safety issues ► Comply ► Identify and comply with federal and state laws and regulations ► Develop litigation response strategy 14

  15. Minimizing the X-Factor: Review and Update Policies ► General Privacy ► Social Media ► Bring your own device ► Employee Monitoring ► Information Technology Usage ► Information and Physical Security ► Data Collection, Sharing, and Retention ► Vendor agreements (e.g., data safeguards, responsibility to protect data, responsibility in event of a breach, compliance, liability considerations) ► Incident Response ► Training 15

  16. Thank you! Leita Walker, Partner +1 612 766 8347 leita.walker@FaegreBD.com Rikke Dierrsen-Morice , Partner +1 612 766 7655 Kathleen Rice , Counsel rikke.morice@FaegreBD.com +1 574-239-1958 Mike Ponto , Partner kathleen.rice@FaegreBD.com +1 612 766 7420 michael.ponto@FaegreBD.com 16

Recommend

Multi-Factor Authentication (MFA) What is it? Why should I use it? CYBERSECURITY Tech Fair 2018

Multi-Factor Authentication (MFA) What is it? Why should I use it? CYBERSECURITY Tech Fair 2018

10.10.18 1 Multi-Factor Authentication (MFA) What is it? Why should I use it? CYBERSECURITY Tech Fair 2018 Boston University Information Services & Technology 10.10.18 2 Recent Password Hacks PlayStation Network (2011) 77 Million

157 views • 13 slides
U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides
Cambodian Rice Exporters Video Introduction Of Cambodia, Rice Country Cambodian Rice Exporters

Cambodian Rice Exporters Video Introduction Of Cambodia, Rice Country Cambodian Rice Exporters

CAMBODIA, THE RICE KINGDOM of WHITE GOLD Presented by: Kunthy KANN Chief Executive Officer Battambang Rice Investment Co., Ltd www.battambangrice.com On behalf of the Delegation of Cambodian Rice Exporters Cambodian Rice Exporters

388 views • 13 slides
Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident Response Overview Types of data in your environment and why it is important. Trending threats. Minimizing risks through layers of defense:

486 views • 30 slides
Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why its important Provide information about Dept. Homeland Security Cybersecurity Campaigns: National

328 views • 22 slides
Rice: Rice: )) 5(

Rice: Rice: )) 5(

4# International Rice Research Institute Rice: Rice: )) 5(

327 views • 4 slides
DIFFERENTIAL EXPRESSION OF TISSUE FACTOR F3 AND NUCLEAR RECEPTORS 4A IN EARLY DEATH ACUTE

DIFFERENTIAL EXPRESSION OF TISSUE FACTOR F3 AND NUCLEAR RECEPTORS 4A IN EARLY DEATH ACUTE

DIFFERENTIAL EXPRESSION OF TISSUE FACTOR F3 AND NUCLEAR RECEPTORS 4A IN EARLY DEATH ACUTE PROMYELOCYTIC LEUKEMIA PATIENTS Miriam Frech 1 , Kathleen Stabla 1 , Andrea Nist 1 , Marco Mernberger 1 , Sabine Teichler 1 , Cornelia Brendel 1 , Heidi

439 views • 16 slides
Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland Chapter Contents Cybersecurity and risk management 1 Cybersecurity and the regulatory 2 environment Cybersecurity and the audit 3 4 Appendix

685 views • 37 slides
The U.S. EPAs Draft Oral Slope Factor (OSF) for 2,3,7,8-Tetrachlorodibenzo- p - dioxin (TCDD)

The U.S. EPAs Draft Oral Slope Factor (OSF) for 2,3,7,8-Tetrachlorodibenzo- p - dioxin (TCDD)

The U.S. EPAs Draft Oral Slope Factor (OSF) for 2,3,7,8-Tetrachlorodibenzo- p - dioxin (TCDD) Glenn Rice, Sc.D. National Center for Environmental Assessment Office of Research and Development Science Advisory Board Dioxin Review Panel

278 views • 13 slides
Certainty Factor certainty factor CF (is the certainty factor in the hypothesis H due to

Certainty Factor certainty factor CF (is the certainty factor in the hypothesis H due to

Certainty Factor certainty factor CF (is the certainty factor in the hypothesis H due to evidence E) ranges between -1 (denial of the hypothesis H) and +1 (confirmation of H) allows the ranking of hypotheses difference between

280 views • 5 slides
Lender Liability: Evaluating, Minimizing Lender Liability: Evaluating, Minimizing and Defending

Lender Liability: Evaluating, Minimizing Lender Liability: Evaluating, Minimizing and Defending

Presenting a live 90 minute webinar with interactive Q&A Lender Liability: Evaluating, Minimizing Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in Workouts, Defaults and Bankruptcy THURS

979 views • 95 slides
Minimizing Churn in Distributed Systems Brighten Godfrey Scott Shenker Ion Stoica SIGCOMM 2006

Minimizing Churn in Distributed Systems Brighten Godfrey Scott Shenker Ion Stoica SIGCOMM 2006

Minimizing Churn in Distributed Systems Brighten Godfrey Scott Shenker Ion Stoica SIGCOMM 2006 1 introduction Churn: an important factor for most distributed systems Turnover causes dropped requests, increased bandwidth, ... Would like to

631 views • 31 slides
KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

7/17/2020 KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing Attacks Malware/Ransomware Hacking Imposter Scams 1 7/17/2020 KACo Cybersecurity Training BEWARE OF Phishing Phishing attacks

248 views • 6 slides
Com pressive Sensing and Applications Volkan Cevher volkan@rice.edu Rice University

Com pressive Sensing and Applications Volkan Cevher volkan@rice.edu Rice University

Com pressive Sensing and Applications Volkan Cevher volkan@rice.edu Rice University Acknowledgements Rice DSP Group (Slides) Richard Baraniuk Mark Davenport, Marco Duarte, Chinmay Hegde, Jason Laska, Shri

1.15k views • 90 slides
Conflicting objectives in design Common design objectives: Minimizing mass ( sprint bike;

Conflicting objectives in design Common design objectives: Minimizing mass ( sprint bike;

Conflicting objectives in design Common design objectives: Minimizing mass ( sprint bike; satellite components ) Minimizing volume ( mobile phone; minidisk player ) Objectives Minimizing environmental impact ( packaging, cars ) Maximizing

450 views • 24 slides
Rating Factor 1 Review Rating Factor 1 Capacity of the Applicant 1 Rating Factor Review 2

Rating Factor 1 Review Rating Factor 1 Capacity of the Applicant 1 Rating Factor Review 2

Fiscal Year (FY) 2020 Indian Housing Block Grant (IHBG) Competitive Grant Application Review Training Rating Factor 1 Review Rating Factor 1 Capacity of the Applicant 1 Rating Factor Review 2 This module will introduce all Rating Factors

576 views • 25 slides
Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright CyberSecurity Scholar 4 September 2019 James Davenport Formal Methods and CyberSecurity CyberSecurity CyberSecurity failures abound: tens daily in the

212 views • 19 slides
Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright CyberSecurity Scholar 4 September 2018 James Davenport Formal Methods and CyberSecurity CyberSecurity CyberSecurity failures abound: tens daily in the

325 views • 18 slides
Real Application of Factor Investing in SA Ann Sebastian STANLIB FACTOR INVESTING WHAT IS IT?

Real Application of Factor Investing in SA Ann Sebastian STANLIB FACTOR INVESTING WHAT IS IT?

Real Application of Factor Investing in SA Ann Sebastian STANLIB FACTOR INVESTING WHAT IS IT? A factor is a broad, persistent driver of long-term returns SA specific factors are Growth, Quality, Momentum, Analyst Sentiment and Valuation

667 views • 12 slides
ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity

ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity

ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity Related to Subregional Seminar on Cybersecurity for Information and Communication Networks 21 June 2005 Lima, Peru Christine Sund Christine Sund

921 views • 48 slides
Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel

Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel

Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel Sofia, Bulgaria Mr. Joaqun Castelln , Operational Director Spanish National Security Department Ms. Anita TIKOS , Desk Officer for International

197 views • 15 slides
EU in action about cybersecurity NIS Directive 5G Cybersecurity Act GDPR Contractual ISACs

EU in action about cybersecurity NIS Directive 5G Cybersecurity Act GDPR Contractual ISACs

EU Cybersecurity European policy overview e-IRG e-IRG 4 December 2019 Brussels Anni Hellman, Senior Expert, Permanent Representation of Finland to the European Union Seconded for the Finnish Presidency from the Directorate General

320 views • 28 slides
Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in Wyoming Medical

Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in Wyoming Medical

Cybersecurity Today CYBERSECURITY IN TODAYS WORLD Cyberattacks in Wyoming Medical Facilities Local Government Schools Law Enforcement Media Outlets The threat and how to think about it Ransomware has rapidly emerged as the most

398 views • 15 slides
INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and

INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and

Section 1 Dr. Bruce Burton California Cybersecurity INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and implications Learn from past attacks Understand the NIST Cybersecurity Framework (CSF) &

368 views • 33 slides

More recommend