Upload
others
View
6
Download
0
Embed Size (px)
Citation preview
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
A RANSOMWARE TALESPOILER ALERT: THERE IS NO FAIRY TALE ENDING
T H E C Y B E R S E C U R I T Y P R E S E N T A T I O N A S S O C I A T I O N O F A M E R I C A H A S R A T E D T H I S P R E S E N T A T I O N R : A S I N R E Q U I R E D V I E W I N G F O R T H E C - S U I T E
J U S T I N S . D A N I E L S
B A K E R D O N E L S O N
S H A R E H O L D E R
6 7 8 . 4 0 6 . 8 7 0 6
j d a n i e l s @ b a k e r d o n e l s o n . c o m
J O D I D A N I E L S
R E D C L O V E R A D V I S O R S
P R I V A C Y C O N S U L T A N T
4 0 4 . 9 6 4 . 3 7 6 2
j o d i @ r e d c l o v e r a d v i s o r s . c o m
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
A PLEASANTLY SOUNDING UNPLEASANT NOTE
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
WHAT DO WE DO NOW?
Breach Notification Analysis and
Advice
Get Breach Team in Place
Employee and Customer
Communication
Forensic Investigation
Contact Threat Actor and
Ransomware Negotiation
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
BREACH TEAM
• Time is precious – yet most companies don’t know who to call when they are the star in the Ransomware Tale!
• All hail the forensics team…what is this privilege thing?
• What is a ransomware negotiator and why do I need it?
• What is the comms plan?
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
CUSTOMER AND EMPLOYEE COMMUNICATIONS
• As Crash Davis says: Learn your Phrases “network outage” “disruption to the network”
• Just the facts, NO SPECULATING as this story changes hourly!
• Always qualify what you say with the words “the investigation is ongoing.”
• Do you have a solid NDA in case you have to discuss the cyber event with specific customers?
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
FORENSIC ANALYSIS: SEPARATING THE SH FROM THE IT
• How did the TA get in?
• What systems were impacted?
• Any evidence of data exfiltration?
• Any concern of migration to customer’s systems?
• Any issues with the integrity of backups?
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
THE RANSOMWARE NEGOTIATION DANCE
• Do you have to negotiate and how do you do it?
• Request proof of decryption (Do not send PI/PHI files).
• Do not pay the ransomware without interacting with law enforcement: Booby prize could be prosecution for aiding terrorism!
• Do not assume the decryption key will work on all files.
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
A PAUSE FOR PRIVACY
• Do you collect PI or PHI?
• Do you store PI or PHI?
• Do you process PI or PHI for others?
• Do you know where it is on your network?
• Will PI or PHI appear in unexpected places?
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
BREACH NOTIFICATION RULES
GDPR: 72 HOURS AFTER THE BREACH
VS.
50 U.S. BREACH NOTIFICATION LAWS
(TIME PERIOD VARIES BY STATE)
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
BREACH COSTS TO DATE
BREACH COSTS
Forensic Firm $150,000
Legal Fees $80,000
Rebuild IT Infrastructure $110,000
Ransomware Payment $80,000
Loss of Customers ???
Reputational Harm ???
TOTAL $420,000
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
RANSOMWARE EPILOGUE
MFA ImplementationRisk
Assessment/Implementation Cyber Plan
What is your Liability under your customer and vendor
contracts?
Security Cost of Continued Use of Legacy Systems
Understand Your Insurance Coverage and Panel Firms
No Incident Plan is Planning to Fail
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
RANSOMWARE BY THE NUMBERS
• “Double-extortion” ransomware attacks – hackers stealing & encrypting on-site sensitive information, then threatening to release that data – increased by 200% IN 2020
• Hackers launched 1,200 ATTACKS using double-extortion against victims from 63 COUNTRIES IN 2020
• The total estimated cost of global ransomware attacks reached $20B IN 2020, up from $11.5b in 2019.
• The average U.S. ransomware payment increased 775% FROM 2019 TO 2020.
• 70% OF RANSOMWARE ATTACKS in Q4 2020 involved hackers threatening to release stolen data.
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
KEY TAKEAWAYS
It won’t happen to our organization is no excuse!
How many customers do you want to lose before security is a priority??
Ransomware is now a trillion-dollar industry for a reason!
Do you have a plan? Who are you going to call?? Hint: It’s not Ghostbusters!
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
Q&A DISCUSSIONPRESENTED BY:
Justin S. Daniels
Baker Donelson
Shareholder
678.406.8706
Jodi Daniels
Red Clover Advisors
Privacy Consultant
404.964.3762
www.redcloveradvisors.com
CHECK OUT OUR PODCAST!
https://redcloveradvisors.com/podcasts/
www.bakerdonelson.com© 2021 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC | Confidential
C O N N E C T W I T H U S
WEBSITE
Baker Donelson is among the 80 largest law firms in the country, with more than 650 attorneys and public policy advisors representing more than 30 practice areas to serve a
wide range of legal needs. Clients receive knowledgeable guidance from experienced, multi-disciplined industry and client service teams, all seamlessly connected across 21 offices
in Alabama, Florida, Georgia, Louisiana, Maryland, Mississippi, South Carolina, Tennessee, Texas, Virginia and Washington, D.C.
TWITTERFACEBOOK LINKEDINwww.bakerdonelson.com @Baker_Donelson@BakerDonelson @Baker-Donelson