Financial Institutions Struggle to Keep Up with ‘Changing Business Needs’ Such as Social Mobile Apps, and Getting Risk Data Quickly, Deloitte Report Suggests

January 27th, 2019|Categories: HB Risk Notes

Deloitte's report is based on a survey of 94 financial institutions around the world that operate in a range of financial sectors and with aggregate assets of $29.1 trillion. Deloitte's Edward Hida -- financial risk community of practice global leader and a partner in Deloitte Risk and Financial Advisory -- posted his executive summary of the latest Global Risk Management Survey, which is the organization's eleventh. The report is a detailed one and Deloitte draws quite a few conclusions around the continued focus on cyber security, engagement of boards of directors, increased attention to non-financial risks, the potential of digital risk management, enterprise risk management, the proliferation of Chief Risk Officers, an increased reliance on stress testing and more. A couple of figures jumped out at me which show at least two challenges to financial institutions. Hear this Deloitte professional at ICRMC in Toronto April 15-16! Respondents are finding "extremely challenging" the need to keep up with changing business operational needs, such as deployment of social mobile applications, data analytics and cloud-based risks. Also in the "extremely challenging" category, not surprisingly, are threats from "sophisticated actors," like foreign governments and crackerjack hacktivists. Other issues categorized as "extremely high priority" revolve around getting quality risk data quickly. Given the average length of time other studies show that a hacker can poke around in your network before you [...]

Kenneth Jones of Tanenbaum Keale on Law Firm Tech Development Capabilities

October 16th, 2018|Categories: HB Risk Notes, HB Tort Notes

Should Law Firms Be Able to Develop Custom Technologies? Here is #10 of Jones' Top-10 List. #10. Security. The cloud is great, and generally speaking, companies in this space operate systems in a highly professional manner. However, occasionally one encounters special business needs which call for extensive “above and beyond” levels of security. This could be times a firm is storing financial information, medical records, or other data they wish to absolutely, positively protect. In these situations — under the theory that “no one does things better than I do” — it’s nice to have the option to build super-secure systems with features such as encrypted data within database tables, and to manage the systems with a very small number of highly trusted professionals specifically known by the law firm. Read more of the article posted by Thomson Reuters. Kenneth Jones oversees various aspects of technology at Tanenbaum Keale LLP in the role of Chief Technologist. He leads efforts to support TK’s computing environment and infrastructure, one that features a strategy of professionally protecting and processing client data in the cloud with highly skilled and respected leading-edge business partners in the technology space. Ken also helps lead and support various TK programs in the areas of security, compliance, business continuity and firm administration. Learn more.

Financial Services Cyber Risk Information Sharing

September 26th, 2018|Categories: HB Risk Notes

Why We Need to be More Like Apes, Less Like Seagulls By Tom Hagy Featuring Craigg Ballance, Director of Canadian Member Services, FS-ISAC Even before we can walk we are encouraged to share. We’re told to share our things even when we barely have any. Even some wild animals share food and resources – even when those resources are scarce. Some creatures are better at it than others, of course. Apes and lions? Absolutely. Seagulls? All you have to do next time you’re on the beach is toss what’s left of your ham sandwich into the air and see how generous gulls are. People fall into sharing -- and not-fond-of-sharing -- groups, too. Sharing is particularly critical in the financial sector where, while privacy and security regulations command a tight lid on data, global financial institutions are successfully sharing data about cyber risk, says Craigg Ballance, Director of Canadian Member Services for FS-ISAC in Toronto. But, he says, sharing has to take place across a broad landscape. “Information analysis sharing has to cut across the various subsets of the financial sector,” says Ballance. “While banks share local data, they are trying more and more to share globally, but,” he says, “banks need to share with other institutions, like insurers, investment funds, pension funds, and other types of financial institutions, for this cooperation [...]

Courtney Klein on Social Media & Security

August 1st, 2018|Categories: HB Risk Notes

A Restructured Paradigm for Corporate Teamwork By Courtney Klein of Soteria Risk Consultants Social media has become an integral part of everyday life. It’s how some of us get our news, research our opinions, learn about local events, and connect with friends. For the modern western business, it is also immensely important for staying in touch with customers, advertising, and overall visibility. For this reason, many companies employ veritable armies of “Social Media Specialists” that do everything from designing graphics to writing tweets to replying to customer questions and complaints. Some companies interact with each other (such as the hilarious and long-standing Twitter Battle between Wendy’s and McDonald's), and some use it as their primary form of communication. Customers, too, know that social media is a way to get in touch with a company - for good reasons and for bad - and while many companies are aware that they will and do receive threats on social media, very few of them have any kind of protocol in place for how to deal with them – and even fewer still encourage their social media teams to pass this information on to or (better yet) work together with their security team. This sort of blasé attitude to threats – either because “it’s not my job” or “they can’t be serious” – leads to [...]

A.I. Best Practices: Rules and Policies for Using Artificial Intelligence in Your Business

July 30th, 2018|Categories: HB Risk Notes

DATE: Sept. 27, 2018
TIME: 2 p.m. EDT; 1 p.m. CDT; 12 p.m. MDT; 11 a.m. PDT
PLACE: Your computer or mobile device
PRICE: $197* per dial-in site
*Price is good through Aug. 16. After that it's $247.
GROUPS ARE GOOD: Registering qualifies you to multiple attendees at your location.
CLE: 1 credit
Please send CLE questions to CLE@LitigationConferences.com
SPEAKER: John Frank Weaver, Attorney, McLane Middleton

Your registration includes:
• A site license to attend this webinar (invite as many people in one location as you can fit around your computer at no extra charge).
• Downloadable PowerPoint presentations from our speakers.
• The opportunity to connect directly with speakers during the audience Q&A session.
• At least one-hour of CLE credit.

Produced in collaboration with and their new Journal of Robotics, Artificial Intelligence & Law

Nearly every industry is adopting or preparing to adopt artificial intelligence applications into their business practices. That's exciting. However, there are almost no government regulations for their use and few resources providing best practices that anticipate ethical considerations and forthcoming legal requirements. This lack of direction poses a serious problem as A.I. applications become more widespread. Businesses are creating their own ad hoc practices without considering the eventual government oversight and ethical consensus, which will result in costs and potential liability later when [...]

BitSight Releases eBook on Use of A.I. & Big Data in Continuous Cyber Risk Monitoring

July 18th, 2018|Categories: HB Risk Notes

"With every reported data breach or cyberattack, the cyber risk landscape gets a little more complex. Cyber criminals create new attack vectors, cybersecurity professionals develop new controls to protect their systems, the criminals get to work circumventing the controls, and so on. The result of this back and forth is that cyber risk professionals have a huge variety of risk factors to worry about. In response, risk managers and security specialists need to develop extremely complex cybersecurity programs to make sure all of their bases are covered. "With so many cybersecurity risks to consider, it’s inevitable that some will receive less attention than they deserve. Unfortunately, these overlooked risk factors could play a role in your next cyberattack, and if your financial services firm isn’t prepared, that could be extremely costly." Read more. We're looking forward to seeing the BitSight team in Bermuda Dec. 6-7, 2018, at the International Cyber Risk Management Conference.

Insurance Industry's Role in Mitigating Natural Disasters

March 17th, 2018|Categories: HB Risk Notes

The insurance industry can play a role in helping prepare for future severe weather because the companies have a tremendous amount of data and knowledge about loss avoidance and prevention, Foggan says. “One of the things insurers can do is partner with government regulators both at the state and federal level to identify and articulate loss-prevention strategies that will benefit society as well as insurers,” she says. Loss prevention or mitigation of physical damage to key infrastructure—such as electrical grids—saves costs of repair, as well as the important downstream costs to private industry and society that result from loss of infrastructure function. Laura Foggan is a partner in the DC office of Crowell & Moring. Read more insights from Laura and her colleagues by clicking the read more button. This outstanding insurance and reinsurance attorney also is co-chair of HB's Cyber Sector Risk: Blockchain Security on April 25, 2018, in New York. Immediately following that seminar will be HB's Cyber Sector Risk: Critical Infrastructure. And, June 19-20, 2018, we are producing another relevant program in San Juan, titled HB's Cyber Sector Risk: Critical Infrastructure Blackout. See our conference listings for more details.    

The Insurance Lifecycle of a Ransomware Attack | April 10 | 2pm

March 9th, 2018|Categories: HB Risk Notes

Speakers
Kimberly Horn, Claims Manager, Beazley
Dominic Paluzzi, Partner and Co-Chair of Data Privacy and Cybersecurity, McDonald Hopkins LLC
Edward (“Ted”) Brown, Associate, Wiley Rein LLP

Info
Date: April 10, 2018
Time: 2 – 3:15 P.M. ET
Fee: The webinar is complimentary from HB. But upgrade for $95 to get CLE, the PowerPoint and the recording. The webinar is also available to subscribers of the West LegalEdcenter®, but you must register there.
CLE: 1 credit*
* CLE Questions?

Ransomware Damages Estimated to Reach $11.5 Billion Annually by 2019

That's up from $5 billion in 2017 and $325 million in 2015. Organizations of all sizes – from local nonprofits to large, multinational corporations – are finding that ransomware events can range from a costly nuisance to an existential crisis. But despite the prevalence and severity of ransomware attacks, many lawyers, risk managers, and other professionals do not understand the full lifecycle of a ransomware attack and how different coverages respond to the various impacts. This webinar will discuss the lifecycle of a ransomware attack. In addition to touching on key trends and developments, it will provide an overview of the ransomware response process on a step-by-step basis, including facilitation and brokering of cryptocurrency for payment of ransom demands. The webinar will also tie the various response-related activities (including [...]

Critical Infrastructure & Cybersecurity | March 13 | 2pm

March 8th, 2018|Categories: HB Risk Notes

Speakers
Megan Brown, Partner, Wiley Rein LLP, formerly with the U.S. Justice Department
Matthew Gardner, Partner, Wiley Rein LLP, former federal prosecutor
Gus P. Coldebella, Partner, Fish & Richardson, former acting General Counsel, U.S. Department of Homeland Security

Info
Date: March 13, 2018
Time: 2 – 3:35 P.M. ET
Duration: 95 minutes
Fee: Complimentary with registration
LexisNexis CLE Questions:

Is Our Critical Infrastructure Cyber Resistant?

Scientific American recently published an article which concluded that while our power grid and most of our infrastructure is pretty well built, it was not constructed with cybersecurity in mind. And our adversaries are pouring it on, the article says, learning about our industrial computer networks and, more urgently, how our industrial engineering systems can be disrupted or torched. “That’s where you start reaching some particularly alarming scenarios,” Scientific American says. Writing for Law360®, Wiley Rein LLP partner and former U.S. Justice Department attorney Megan Brown, along with her colleagues Matthew Gardner and Michael Diakiwski, agreed that our adversaries continue to be aggressive. They cited the WannaCry malware attack from North Korea, an event that whipped up a “flurry of federal cybersecurity activity” in December. And we can expect a busy 2018, the Wiley Rein attorneys wrote, with review of national security strategy and executive orders, policymakers considering how to secure the internet [...]

Is Cyber War the Same as Actual War?

January 31st, 2018|Categories: HB Risk Notes

If your company suffers a cyber attack by a foreign power, is that an act of war? Is it your responsibility or right to retaliate, or is it up to the government? When it comes to missile attacks, it's not up to a corporation to fire back. That's the military's job. But when it comes to cyber defense, the responsibility falls to the corporation. Should it be a shared responsibility? Can we better defend ourselves with an improved cyber defense architecture that is developed by a public-private partnership? General (Ret.) Keith B. Alexander (U.S. Army), Jamil N. Jaffer and Jennifer S. Brunet of IronNet Cybersecurity recently wrote an article on the subject, offering insights based on their deep experience in the intelligence, defense and government sector. Gen. Alexander, among many other posts, was Director of the U.S. National Security Agency when he was tapped to head the U.S. Cyber Command. Jaffer was counsel on cybersecurity to the White House, the U.S. Senate and the U.S. Department of Justice. Brunet is former Protocol Officer with the NSA. They say the situation is an urgent one that must be addressed ASAP. "When it comes to understanding what might constitute acts of war in cyberspace," they write, "it is easy to imagine categories of cyberattacks with consequences that we would likely be prepared to [...]
