Forensics: Plan for Success

A Q&A with:

  • Navid Jam, director of security consulting services at Mandiant
  • Daimon Geopfert, national leader of security and privacy consulting at RSM
  • Darin Bielby, managing director of disputes and investigations at Navigant
  • Bill Hardin, vice president of forensics services at Charles River Associates
  • Jason Smolanoff, managing director, global practice leader of cyber security and investigations at Kroll
  • Austin Murphy, director of incident response for CrowdStrike

Forensics firms play a vital role in any data loss incident, helping the breached organization determine exactly what went wrong, assess the scope of the damage, and, in conjunction with a Breach Coach®’s efforts, take steps to remediate the problem. We spoke with leading forensics experts about dos and don’ts for an optimal forensics process.


Business Interruption, Financial Risk and the Internet of Things

A Q&A with Ashwin Kashyap of Symantec

On the long—and growing—list of cyber security concerns that keep risk managers up at night are business interruption due to denial of service attacks and the profound vulnerabilities in the Internet of Things. I asked Ashwin Kashyap, director of product management for Symantec, about these risks, the company’s latest research and what can be done to adequately prepare for potentially costly security breaches and business interruption.


Phishing Schemes: More Sophisticated and Dangerous Than Ever

A Q&A with Ondrej Krehel of LIFARS

Even as users become more educated about phishing attacks, attackers continue to up the ante, producing new and more credible-looking ways of tricking people into sharing personal information. I spoke with Ondrej Krehel, eRiskHub® security coach and CEO and founder at LIFARS, about the latest round of phishing to hit Gmail users.


Corporate Brand Risk and Security with Internet Ads

 Guest Author: Dane Greisiger


A Q&A with Summer Han and Martin Zhang of Adbug

Most of the cyber risk that companies face with internet-facing data is quantifiable. But digital advertising poses another significant problem for global organizations that have not done due diligence. To understand more about this specific kind of threat, I spoke with Summer Han, Vice President, and Martin Zhang, CEO of Adbug, a China-based search engine for digital advertising and ad verification service provider.


Jetro v. MasterCard: New Concerns for Merchants and Insurers

A Q&A with Doug Meal

The brave new world of cyber liability got a lot more complicated last May. That’s when the Jetro Holdings LLC v. MasterCard Inc. case held that if a card brand withholds merchant funds to satisfy the brand’s PCI fines and assessments following a data breach, the merchant has no legal recourse against the brand—even if the brand acted unlawfully in imposing the fines and assessments in the first place. I talked to attorney Doug Meal of Ropes & Gray, LLP, to explore this case and its implications for retailers and their insurers.


Examining the Recently Introduced New York Department of Financial Services Regulation

A Q&A with Alice Kane and Philip Goldstein of Duane Morris, LLP

Acknowledging the degree to which cyber theft poses a threat to the insurance industry, the New York Department of Financial Services (NYDFS) issued a proposed cybersecurity regulation in September. We talked to Alice Kane and Philip Goldstein, attorneys at Duane Morris, LLP, about the regulation and its implications for the insurance industry.


A Closer Look at the 2016 Cyber Claims Study

 Guest Author: Dane Greisiger


A Q&A with Patrick Florer and Heather Goodnight-Hoffmann

The annual NetDiligence® Cyber Claims Study examines reported claims by leading insurers to assess the true costs of data breaches. As we unveil the 2016 study, I spoke with Patrick Florer and Heather Goodnight-Hoffmann of Risk Centric Security, who compiled the data and analyzed its results.


Mitigating Phishing Threats

A Q&A with Bob Bell and Luke Emrich of RSM US; Sudhir Bhati of Symantec; and Ondrej Krehel of LIFARS

Once a crude way for hackers to gain access to sensitive data, phishing attempts have now become increasingly sophisticated and more commonplace. Most concerning, this attack vector relies almost completely on human error, making it a difficult challenge to stamp out. We spoke with several experts—Bob Bell and Luke Emrich of RSM US, Sudhir Bhatti of Symantec and Ondrej Krehel of LIFARS—about how organizations can better arm themselves to avoid phishing scams. Their recommendations fell into three basic categories: training, technology and a combination of training and monitoring.


Breach Coach® 101

A Q&A with Chris DiIenno, Esq. of Lewis Brisbois

Breach Coaches® are first responders on the scene of a data loss event, and companies are increasingly hiring these cyber security experts to help manage their incident response. We asked Chris DiIenno about his work in this area and his advice to companies facing a data breach.

