Sharing the Load: What are Chief Privacy Officers, Chief Information Security Officers, and General Counsel Doing in Real Life to Divide Up Roles and Responsibilities? (conference panel discussion)

Business leaders are beginning to understand that cyber is not just an IT issue, a legal issue, or any other siloed issue, but an overall business risk issue, and that makes managing cyber risk a team sport.
This week I had the privilege of moderating a panel discussion that was titled “Sharing the Load: What are Chief Privacy Officers, Chief Information Security Officers, and General Counsel Doing in Real Life and How Do They Work Together with Outside Firms to Divide Up Roles and Responsibilities?”
For this discussion we had these amazing panelists sharing their unique industry expertise:
Our objective was to help the attendees understand that because cyber, one of the greatest overall risks that businesses face, is a business risk issue, managing it effectively takes a team of many different stakeholders inside and outside the organization, and to show how those stakeholders should work together. We covered these main topics:
  1. Who is on the team, both internally and externally?
  2. What are the various players’ roles?
  3. How do the players communicate and collaborate together?
  4. How does the team play well together, overall, and who is the head coach?
  5. How do the players share and divide up responsibility for cyber risk?
  6. Who is involved with procuring appropriate cyber insurance and ensuring you can use your favorite outside vendors?
  7. Who ultimately owns incident response planning and preparation?
  8. Who takes the lead when the bad stuff happens?
Many thanks to these outstanding speakers and to The Center for American and International Law for providing us with the opportunity to present this very important information at its outstanding 3rd Annual Cybersecurity & Data Privacy Law Conference. I am already looking forward to next year’s conference!

Making Sure It’s Covered: Cyber Insurance — What are the Practical Things In-House and Outside Attorneys Need to Know? (conference panel discussion)

Cyber insurance is a hot topic, but unfortunately far too many companies are not getting any cyber coverage, or are not getting the coverage they need for their risks.
This week I had the privilege of moderating a panel discussion targeted for in-house counsel that was titled “Making Sure It’s Covered: Cyber Insurance — What are the Practical Things In-House and Outside Attorneys Need to Know?”
For this discussion we had these amazing panelists sharing their unique industry expertise:
Our objective was to give the attendees a broad understanding of cyber insurance: why it is important to have cyber coverage (and to dispel some of the “fake news” about cyber insurance), how to get the right coverage, and how to properly use their insurance solutions before and after an incident. We covered these main topics:
  1. Why cyber insurance is critical.
  2. Overview of the insurance process, who the players are such as brokers, underwriters, and claims, and how they all work together in the overall insurance ecosystem.
  3. Getting the right coverage.
  4. The claims process.
  5. Understanding how the panel of approved vendors works and why it is important to understand that before you have an incident.
  6. Incident response planning and practice.
Many thanks to these outstanding speakers and to The Center for American and International Law for providing us with the opportunity to present this very important information at its outstanding 3rd Annual Cybersecurity & Data Privacy Law Conference. I am already looking forward to next year’s conference!

Was the ransomware attack on 20+ Texas local governments an attack on a single service provider? [UPDATE: YES!]

The Texas local governments attack seems to me to be more akin to the trend we have been seeing in 2019 with attackers targeting one MSP and then using that access and the MSP’s tools to attack / encrypt the MSP’s individual clients. If I’m not mistaken (and I could be), the Texas DIR often acts as a sort of provider / MSP or MSSP to some local governments by providing outsourced services to them.

Does anyone know if that was the case for these 22 entities or if that has some connection? I do know DIR is leading the response.

UPDATE: I just heard from a friend who has worked arm in arm with these folks and the answer is:

Hey Shawn. Answer to your DIR question is no. DIR does not provide services to local gov in this form but does coordinate response.

UPDATE UPDATE:

As we learn more, yep, it was an MSP — join the discussion here:

https://www.linkedin.com/posts/activity-6569964507114852352-8IK7

https://www.linkedin.com/posts/shawnetuma_about-dir-activity-6569395266389110784-40Jw


***URGENT*** MEMO TO “THE IT GUY” RE: RANSOMWARE

***urgent memorandum***

TO: The “IT Guy”

FROM: Shawn Tuma

SUBJECT: Your clients affected by ransomware


STOP OVERWRITING / WIPING / DELETING OR OTHERWISE DESTROYING YOUR CLIENTS’ DATA WHEN THEY ARE AFFECTED BY RANSOMWARE!!!

PLEASE!!! PRETTY PLEASE!!! PRETTY PLEASE WITH SUGAR ON TOP!!! JUST STOP IT!!!

Seriously, everyone understands that ransomware is scary stuff, and when you discover that one of your clients has been hit by it, it can cause quite a bit of panic. That is understandable. But when you feel that sense of panic, that is not the time to act. That is the time to pause, take a deep breath, gather your senses, and let your emotions settle down and your brain take back over. Then recall the maxim every physician learns (often attributed to the Hippocratic Oath):

“first, do no harm”

Just because you cannot figure out what to do with the encrypted data does not mean that there are not other people out there who can. Consider these points:

  • There are really good folks out there who are experts at getting data like this decrypted, or at least at determining whether it can be.
  • There are outstanding cyber insurance policies that will cover the cost of the ransom to recover the data, subject to their terms, and that give you access to the carrier’s panel of incident response vendors.
  • Over time, ransomware decryption keys are released, leaked, seized by law enforcement, or reverse-engineered by researchers, and data that was unrecoverable at the time of the attack becomes recoverable later, but only if the encrypted copies still exist.
  • And, in many cases, the original encrypted data (along with the ransom notes, logs, and system images) is necessary to perform forensics that may prove to be very beneficial to your client, including determining what data was accessed and whether any notification obligations apply.

But guess what? NONE OF THIS IS POSSIBLE AFTER YOU COME ALONG AND FINISH THE HACKER’S JOB BY DESTROYING ANY HOPE YOUR CLIENT EVER HAD OF RECOVERING ITS DATA BY PERMANENTLY DELETING IT!!!

PLEASE, JUST STOP IT!!!
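The practical counterpart to “first, do no harm” is to preserve before you remediate. The script below is an added example (not part of the original memo, and not anything the author published): it copies an affected file tree into an evidence location, records a SHA-256 manifest of every file, and later verifies that nothing in the preserved copy has been deleted or altered. The sample file names (`q1.xlsx.locked`, `README_TO_DECRYPT.txt`) are constructed for the demo and do not refer to any particular ransomware family.

```python
"""Evidence-preservation manifest for ransomware-affected files (added example)."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1 << 20  # hash files in 1 MiB chunks so large encrypted blobs fit in memory


def sha256_file(path):
    """Return the hex SHA-256 digest of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Inventory every regular file under root: relative path, size, mtime, hash."""
    root = Path(root)
    entries = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            entries.append({
                "path": p.relative_to(root).as_posix(),
                "size": st.st_size,
                "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                "sha256": sha256_file(p),
            })
    return {
        "root": str(root),
        "created_utc": datetime.now(timezone.utc).isoformat(),
        "files": entries,
    }


def preserve(root, dest):
    """Copy the tree under root into dest (read-only), write MANIFEST.json, return the manifest."""
    root, dest = Path(root), Path(dest)
    manifest = build_manifest(root)
    for e in manifest["files"]:
        target = dest / e["path"]
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(root / e["path"], target)  # copy2 keeps timestamps, which matter for the timeline
        os.chmod(target, 0o444)                  # make the evidence copy read-only
    (dest / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(dest, manifest):
    """Return a list of (problem, path) tuples; empty means the evidence copy is intact."""
    dest = Path(dest)
    problems = []
    for e in manifest["files"]:
        p = dest / e["path"]
        if not p.is_file():
            problems.append(("missing", e["path"]))
        elif sha256_file(p) != e["sha256"]:
            problems.append(("modified", e["path"]))
    return problems


def demo():
    """Preserve a constructed tree, verify it, then show that deleting a file is detected."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "fileserver"
        (src / "finance").mkdir(parents=True)
        # Constructed sample data: an "encrypted" file and a stand-in ransom note.
        (src / "finance" / "q1.xlsx.locked").write_bytes(os.urandom(512))
        (src / "README_TO_DECRYPT.txt").write_text("constructed ransom note placeholder")

        dest = Path(tmp) / "evidence"
        manifest = preserve(src, dest)
        intact = verify(dest, manifest)            # expected: []

        # Simulate a well-meaning cleanup that deletes the note from the evidence copy.
        note = dest / "README_TO_DECRYPT.txt"
        os.chmod(note, 0o644)
        note.unlink()
        after_cleanup = verify(dest, manifest)     # expected: [("missing", "README_TO_DECRYPT.txt")]
        return len(manifest["files"]), intact, after_cleanup


if __name__ == "__main__":
    print(demo())
```

Run `preserve()` against the affected share before anyone reimages, wipes, or restores, and keep the manifest with the incident file; `verify()` is what you hand to counsel or the forensics vendor to show the copy they are working from is the one that was taken on day one.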

Texas AG: Business Must Implement and Maintain Reasonable Cybersecurity Safeguards


Go here to read: Texas Businesses Must Implement and Maintain Reasonable Cybersecurity Safeguards According to State Attorney General