Managing Enterprise Risks in a Digital World

2019 BakerHostetler Data Security Incident Response Report

April 16, 2019

Lynn Sessions | [email protected] | 713.646.1352
Craig Hoffman | [email protected] | 513.929.3491
Paul Karlsgodt | [email protected] | 303.764.4013

Managing Enterprise Risks in a Digital World 2019 ... · 4/16/2019  · PowerPoint Presentation Author: Hoffman, Craig A. Created Date: 4/16/2019 3:25:15 PM


2019 Key Findings

• Please enable MFA!
• How big is the cloud?
• Incidents will not go away
• Basic hygiene
• Get ahead of the compliance curve
• Use “compromise threat intelligence”
• Focus on effective cybersecurity
• Phishing is remarkably effective
• Digital risk management requires an enterprise approach
• Do M&A due diligence
• GDPR has changed the incident response game
• Regulators are working together and on their own
• Class actions arising from data breaches or that allege violations of privacy laws continue


Ransomware

• Commodity

• More problematic
  Trickbot to Emotet to Ryuk
  Access, lateral movement, delete backup files, deploy Ryuk, wait to be contacted, and then demand large ransom


Network Intrusion Timeline

[Figure: timeline showing 95 Days, 10 Days, 36 Days, 50 Days]


Forensic Investigations


Regulatory Enforcement Trends

• Timing
• Risk assessments
• Security practices
• Remedial measures


Litigation

Data Breach Litigation

• Lost/stolen device litigation ending, network intrusions now predominant underlying issue
• No decisions on class certification in 2018, one early in 2019
• Increase in shareholder derivative actions

Privacy Statute Litigation

• BIPA
• Impact of CCPA?


Compromise Ready

• Know your environment
• Threat information gathering
• Technology – preventative & detective
• Personnel – awareness & training
• Security assessments

• Identify assets and sensitive data
• Implement reasonable safeguards
• Increase detection capabilities

• Vendor management
• Regulatory compliance
• Get involved in acquisitions
• Conduct tabletop exercises
• Cyber liability insurance
• Ongoing diligence and oversight


“Compromise Response Intelligence”

• Look at incidents that affected similar entities and the outcomes
• Do you face the same risk?


Post-Incident

• Conduct lessons-learned session to evaluate IR approach – start with in-person meeting

• Evaluate containment action items and determine if any short-term or longer-term enhancements are warranted based on what occurred

• Leverage the “window”

• Work to move security from technical silo to an enterprise risk addressed by the enterprise – integration of disciplines to address “digital risks”