Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
<b><i>Online Extra:</b></i> Cyber Attacks Demand Rapid Response, ACC Panel Says
Be ready and act fast. That's the advice a panel on cybersecurity attacks at the Association of Corporate Counsel's annual meeting last month told in-house lawyers.'
'The amount of time companies have to respond is shrinking,' said Miriam Wugmeister, a New York partner at Morrison & Foerster who moderated the panel. Wugmeister, whose practice includes privacy and data security, noted that Target Corp. notified 40 million people in four days after its 2013 data breach. Target is a client of Morrison & Foerster.
'That's where the bar has been set,' Wugmeister said.
The panel also included: Korin Neff, corporate compliance officer at Wyndham Worldwide Corp.; Erez Liebermann, senior regulatory counsel at Prudential Financial Inc.; and Jeremy Batterman, an associate director at Navigant Consulting.
At the meeting in Boston, they participated in a session titled 'A Brave New World: Cybersecurity and Data Protection in the Wake of Recent Corporate Attacks.'
The four panelists emphasized the importance of creating precrisis relationships and agreements with vendors who can help, such as forensic firms and credit monitoring companies. Liebermann suggested getting to know local secret service and Federal Bureau of Investigation officials.
'Once you develop that personal relationship, they're going to view you in a different light,' Liebermann said.
Companies need to be ready for dire situations, including those like the 2014 cyberattack that North Korean hackers mounted against Sony Pictures Entertainment Inc., Liebermann said.
When planning for a possible incident, 'you should start thinking about your business-continuity people in the room,' Liebermann said. He added that hackers might be reading company emails even in breaches that do not resemble the Sony situation.
And hackers aren't just targeting major public companies, Batterman said.
Midsize companies, privately held companies and smaller hospitals are facing smaller scale, but still very disruptive breaches, Batterman said.
'This is, again, circling back why it's important to get arrangements [in place],' Batterman said.
During the session, the panel weighed in on several hypothetical situations. The first scenario was a phone call from a well known security blogger about a rumored breach at the company on Friday afternoon of a three-day weekend. Another was a confirmation by internal colleagues and an outside forensic firm that a data breach compromised the names, addresses and credit card data of 10 million customers in the United States and information about upcoming merger and acquisition deals.
The panel members suggested different types of professionals to serve on response teams, such as communications and investor relations, depending on the situation.
Batterman and Wugmeister also suggested keeping the response team small enough to minimize the likelihood of leaks.
Neff and other panelists emphasized the importance of having agreements with more than one outside company that can be called in to handle a specific task, like credit monitoring.
'It's not a huge universe of choices, so having relationships with more than one vendor is pretty important as well,' Neff said.
'
Be ready and act fast. That's the advice a panel on cybersecurity attacks at the Association of Corporate Counsel's annual meeting last month told in-house lawyers.'
'The amount of time companies have to respond is shrinking,' said Miriam Wugmeister, a
'That's where the bar has been set,' Wugmeister said.
The panel also included: Korin Neff, corporate compliance officer at
At the meeting in Boston, they participated in a session titled 'A Brave New World: Cybersecurity and Data Protection in the Wake of Recent Corporate Attacks.'
The four panelists emphasized the importance of creating precrisis relationships and agreements with vendors who can help, such as forensic firms and credit monitoring companies. Liebermann suggested getting to know local secret service and Federal Bureau of Investigation officials.
'Once you develop that personal relationship, they're going to view you in a different light,' Liebermann said.
Companies need to be ready for dire situations, including those like the 2014 cyberattack that North Korean hackers mounted against
When planning for a possible incident, 'you should start thinking about your business-continuity people in the room,' Liebermann said. He added that hackers might be reading company emails even in breaches that do not resemble the Sony situation.
And hackers aren't just targeting major public companies, Batterman said.
Midsize companies, privately held companies and smaller hospitals are facing smaller scale, but still very disruptive breaches, Batterman said.
'This is, again, circling back why it's important to get arrangements [in place],' Batterman said.
During the session, the panel weighed in on several hypothetical situations. The first scenario was a phone call from a well known security blogger about a rumored breach at the company on Friday afternoon of a three-day weekend. Another was a confirmation by internal colleagues and an outside forensic firm that a data breach compromised the names, addresses and credit card data of 10 million customers in the United States and information about upcoming merger and acquisition deals.
The panel members suggested different types of professionals to serve on response teams, such as communications and investor relations, depending on the situation.
Batterman and Wugmeister also suggested keeping the response team small enough to minimize the likelihood of leaks.
Neff and other panelists emphasized the importance of having agreements with more than one outside company that can be called in to handle a specific task, like credit monitoring.
'It's not a huge universe of choices, so having relationships with more than one vendor is pretty important as well,' Neff said.
'
Strategy vs. Tactics: Two Sides of a Difficult Coin
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
'Huguenot LLC v. Megalith Capital Group Fund I, L.P.': A Tutorial On Contract Liability for Real Estate Purchasers
In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.
The Article 8 Opt In
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.
Major Differences In UK, U.S. Copyright Laws
This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.