Following an outstanding SecureWorld Expo – Dallas Conference, Courtney Theim posted a nice wrap-up of the lessons learned as of the time of her post: #SWDAL16: What We’ve Learned So Far
I am going to give you the gist of it and encourage you to go check out the full post:
- Surgical Info. Hackers are changing their tactics, as I always mention when I reference Sun Tzu on Cybersecurity. In 2014 they hacked for payment card data, in 2015 they hacked for health care data, and now, in 2016, they are seeking more surgical information, looking for high-value data, not massive data dumps. I have discussed this issue in other contexts such as the Ashley Madison and Brazzers hacks and the increase of “shame hacking.” The preeminent Dr. Larry Ponemon spoke on this and why companies are so vulnerable because of the insider threat.
- Preparedness. Referencing my presentation and the now-popular building on fire slides, “You don’t wait until your building is on fire…you can’t plan for everything but you can plan for a lot” is the quote used to explain the need for every organization to get prepared in advance. As discussed previously, a breach response plan is now a must-have for every organization. Read here to learn why. And, when the New York Department of Financial Services Cybersecurity Requirements for Financial Services Companies becomes effective next January and your business partners are requiring these, you will really thank me. Stay tuned for a full series on this new NYDFS Cybersecurity Requirements issue!
Do not resist the anticipation any longer. Give in. Go read the full post #SWDAL16: What We’ve Learned So Far and share it with your friends on social media!
Finally, I had the privilege of giving an interview about my recommendations for some basic things that organizations can do to improve their cybersecurity posture (and effectively use their legal counsel), so please check that out (yes, I need voice lessons and sound like Daffy Duck, sorry!).
Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.