A Q&A with David Zetoony of Bryan Cave LLC
Every year the Data Breach Litigation Report offers a needed view into the reality of the legal risk associated with data security incidents. I spoke with David Zetoony, attorney at Bryan Cave LLC, about this year,s edition and its most notable findings.
A Q&A with Simon Oddy of RGL Forensics
Business interruption (BI) can be a costly side effect of a cyber-attack, and insurance companies are responding in kind with BI policies. I spoke with Simon Oddy, partner of RGL Forensics, about how insurers assess BI and what organizations can do to avoid it.
Q&A with Zach Olsen of Infinite Global
Let’s face it: PR, and it’s fancier sibling, crisis communications, is the red-headed stepchild of the data breach family. Everyone accepts that you need a seasoned breach coach to help navigate the maze of state-specific disclosure laws and avoid third-party litigation, and we can all agree that a sophisticated forensics shop is key to stopping the bleeding and assessing the damage. But then what? It seems like more often than not, a breach victim’s response to an attack is limited to a very delayed and often-canned press release that leaves customers and employees with more questions than answers. I talked to Zach Olsen, President of Infinite Global and head of the firm’s Crisis Response & Reputation Management Group about where he sees an opportunity for reducing the costs and reputational harm of a breach.
A Q&A with Quest
More organizations are adopting Microsoft’s cloud-based Azure Active Directory (AD) but maintaining on premises AD deployments to support legacy systems or applications without internet access. We call this a hybrid Active Directory deployment. Hybrid ADs may pose a security risk if not managed properly. Unexpected changes to the AD environment, such as changes in user privilege, multiple logins in rapid succession, and logins from unusual locations often provide the first indication of an external or internally initiated breach. We spoke to Keri Farrell, Brad Kirby and Matthew Vinton from Quest about this particular concern for organizations and how they can shore up security measures to avoid data loss.
A Q&A with Asaf Cidon of Barracuda
The recent reports about Popcorn Time—a ransomware attack that involves a Ponzi scheme encouraging targets to in turn spread the malware to contacts—show that criminals are becoming ever more creative in their approaches to cybersecurity exploits. I spoke with Asaf Cidon, VP of Content Security at Barracuda about Popcorn Time and what companies need to know about the current threats from hackers.
Q&A with Chris Novak of Verizon
Even as public awareness around ransomware grows, many companies find they are still unprepared for this malicious exploit when it hits. Often, organizations find that despite their best intentions to cooperate with the perpetrators, they still may not get their data back. I talked to Chris Novak, global director of the RISK Team at Verizon Enterprise Solutions, about some of the pitfalls associated with this increasingly common crime.
A Q&A with Matt Ahrens, The Crypsis Group
Last week, the devastating WannaCry attack— considered unprecedented in its scale and speed—hit more than 230,000 computers in 150 countries, including the National Health Service, FedEx, Deutsche Ban and LATAM Airlines, among others. I asked Matt Ahrens of The Crypsis Group about the attack, what made it so dangerous and what it means for organizations trying to improve their cyber security posture.
NetDiligence® Security Advisory – May 14th, 2017
WannaCry/WannaCrypt Exploit Protection Tips
This NetDiligence Security Advisory is published for the benefit of our cyber insurance carrier/broker clients and their insureds. We urge clients to take special note of the details included in this Advisory and take preventative/remedial action on a timely basis. Clients are welcomed to distribute this Advisory to their colleagues and others as they see fit, provided it is distributed without modification of its contents.
A Q&A with:
Forensics firms play a vital role in any data loss incident, helping the breached organization determine exactly what went wrong, assess the scope of the damage, and, in conjunction with a Breach Coach®’s efforts, take steps to remediate the problem. We spoke with leading forensics experts about dos and don’ts for an optimal forensics process.
A Q&A with Ashwin Kashyap of Symantec
On the long—and growing—list of cyber security concerns that keep risk managers up at night are business interruption due to denial of service attacks and the profound vulnerabilities in the Internet of Things. I asked Ashwin Kashyap, director of product management for Symantec, about these risks, the company’s latest research and what can be done to adequately prepare for potentially costly security breaches and business interruption.
