Zero-Day Malware Worries

A Q&A with Greg Wasson of ICSA Labs
The term zero-day malware refers to threats that take advantage of loopholes that exist in a system but are not yet known to its owner or developer. I spoke to Greg Wasson, program manager at ICSA Labs, about zero-day vulnerabilities and the risks they pose for companies.

Cyber Risk

Cloud Risk: The Blind Spot in Cyber Risk Management

A Q&A with Taiye Lambo of CloudeAssurance – an eFortresses Company
With the cloud becoming a daily reality for most businesses, security risks are greater than ever before. Yet many companies are not even aware of their vulnerability, says Taiye Lambo of CloudeAssurance. I asked him what they could be doing to bolster data safety and security within the cloud.

Cyber Risk

Placing a Value on an R&D Loss

A Q&A with Rob Chiang of Navigant Consulting
When a company loses valuable R&D data during a breach incident, that loss of value must be calculated for financial and legal purposes. I asked Rob Chiang, leader of the Intellectual Property valuation practice at Navigant Consulting, about the valuation process and how he determines the value of lost data.

Cyber Risk

Protecting Children’s Data Online

A Q&A with Marshall Harrison of Imperium
With the passage of the Children’s Online Privacy Act (COPPA), businesses are scrambling to find effective ways of staying compliant with the regulation. I talked to Marshall Harrison, founder and CEO of Imperium, about the law’s implications and his new product ChildGuardOnline, an FTC-approved parental consent verification solution.

Cyber Risk

Breach Forensics: Preparing for an Investigation

A Q&A with Steve Visser, Managing Director at Navigant Consulting
Many types of data security incidents can require a forensic investigation to uncover the depth of the breach and how it occurred, and this process is more efficient when an organization has anticipated what’s involved. I talked to Steve Visser—national leader of Navigant Consulting’s information security incident investigation and response practice—about what risk managers can do to prepare for a successful forensic investigation.

Data Breach Response

Unpacking CryptoLocker

A Q&A with Michael Tanji of Kyrus
The introduction of CryptoLocker “ransomware” poses a new security threat to organizations—in fact, one of our customers was recently hit with this hostage-taking nuisance. To get a better sense of what CryptoLocker does and how it can be stopped before any damage is done, I spoke with Michael Tanji of Kyrus.

Cyber Risk

Using Data Security Policy Templates to Maximum Effect

A Q&A with Ronald Raether of Faruki Ireland and Cox P.L.L.
Having written privacy and security policies and procedures in place is critical for organizations in an era when data breaches are an inevitable reality, which is why data security-focused law firm Faruki Ireland & Cox has created policy templates for clients. These templates are now available in the eRisk Hub®, and I spoke to attorney Ronald Raether about how they should be used.

Data Breach Response

Mobile App Data Security

A Q&A with Jack Walsh of ICSA Labs
With the proliferation of mobile devices, businesses from all sectors are now offering apps for consumer and employee use. However, data insecurity, the potential for lost personal information and a lack of developer experience pose a major liability for companies providing mobile apps. I talked to Jack Walsh, mobility programs manager of ICSA Labs, about the major security and privacy issues connected to mobile apps.

Cyber Risk

Data Breach Liability from a Class Action Trial Lawyer’s Standpoint

A Q&A with Jay Edelson of Edelson LLC
With court attitudes around privacy issues constantly evolving, it can be a challenge to understand what constitutes a significant data breach case and what consequences liable organizations face. I asked counsel Jay Edelson how he chooses his class action cases and how the current legal climate is treating them.

Data Breach Response

Mandiant’s Summers: Companies Mostly Ill-Prepared for Inevitable State-Sponsored Cyber Attacks

Reprinted with permission from HB Litigation. Fire alarms sounded at the waterfront luxury hotel in Southern California, bringing an early end to the speaker’s presentation.  He was addressing [..]

Cyber Risk