MANAGING CYBERSECURITY INVESTIGATIONS - Tara Swaminatha, Of Counsel, Washington, DC Sam Millar, Partner, London May 12, 2016 - DLA Piper
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
MANAGING CYBERSECURITY
INVESTIGATIONS
Tara Swaminatha, Of Counsel, Washington, DC
Sam Millar, Partner, London
May 12, 2016
If you cannot hear us speaking, please make sure you have called into the teleconference
number on your invite information.
• US participants: 1 800 893 0176
• Outside the US: 212 231 2928
• The audio portion is available via conference call. It is not broadcast through your computer.
*This webinar is offered for informational purposes only, and the content should not be construed as legal advice on
any matter.
www.dlapiper.com May 12, 2016 0
Speakers
Tara Swaminatha Sam Millar
Of Counsel, Washington, DC Partner, London
www.dlapiper.com May 12, 2016 1
If you have a breach, call counsel yesterday
Contact inside and outside counsel early (ideally before a breach)
In the wake of a suspected or actual breach, using counsel (properly)
allows you to keep things under wraps until you have a chance to get
facts straight
– As you triage internally, keep your internal discussions and
documents confidential
– Better to take a minute and sort out game plan before saying
anything
*Privilege is not automatic simply by using counsel
Fact-specific inquiry
Requires adherence to protocol
www.dlapiper.com May 12, 2016 2Incident response (IR) policy – important elements Purpose Roles and responsibilities Escalation procedures Types of incidents Incident-specific response procedures Communications plan Contact information (consider alternative methods of communication) www.dlapiper.com May 12, 2016 3
Other important elements of strong IR plan (improves efficacy of investigations) Response plan “cheat sheets” organized by role Proper training for team members Vendors engaged through counsel Privileged protocol established Pre-existing relationships with law enforcement Tabletop/security drill Continually revise and adapt plans and protocol www.dlapiper.com May 12, 2016 4
Phase 1 Phase 2 Phase 3 Phase 4
Role ``
Role
Role `
Role
Role
Role
www.dlapiper.com May 12, 2016 5Security incident triage guidelines www.dlapiper.com May 12, 2016 6
Roles & Responsibilities Matrix www.dlapiper.com May 12, 2016 7
Chain of custody www.dlapiper.com May 12, 2016 8
Data breach incident response quick start guide
Assemble an incident response team Conduct interviews of personnel
(IRT) involved
Contact inside and outside counsel Reissue or force security access
to establish a “privileged” reporting changes
and communication channel Do not probe computers and
Coordinate with legal counsel to affected systems
bring in cybersecurity experts and Do not turn off computers and
forensic examiners affected systems
Stop additional data loss Do not image or copy data, or
Secure evidence connect storage devices/media, to
affected systems
Preserve computer logs
Do not run antivirus programs or
Document the breach
utilities
Define legal obligations
Do not reconnect affected systems
Contact law enforcement (possibly)
www.dlapiper.com May 12, 2016 9Importance of attorney-client privilege and confidentiality (in USA) Confidential discussions or documents (“privileged communications”) Write and distribute documents within organization with reduced likelihood of disclosure Forensic exam analysis kept confidential Tradeoffs in a risk analysis Purpose of attorney-client privilege www.dlapiper.com May 12, 2016 10
Discuss confidentiality procedures
External team engaged through counsel
– PR/communications experts
– Forensic cybersecurity experts
Internal team
– IT
– Legal
– HR
– PR/communications
– Customer relations
– Risk management
– Operations (physical breaches)
– Finance (company financial information lost)
www.dlapiper.com May 12, 2016 11Choosing a forensic partner/vendor Recent launch of two UK government schemes to help companies choose a cybersecurity incident response supplier – CESG/CPNI CIR and CREST CSIR. Recognized set of professional qualifications and best practice standards Technical expertise to carry out sophisticated security incident investigations quickly and effectively Expert forensic ability Consider which elements of the investigation will be outsourced and which will be dealt with in-house Consider location of investigation e.g., does the business require a forensic vendor with international reach and ability to deploy teams globally? www.dlapiper.com May 12, 2016 12
Critical protections/lessons learned Strong security culture – whistleblowing Businesses should have a robust set of policies and procedures to manage cyber security risks. Having such policies is not enough – companies need to ensure that they are implemented correctly by monitoring compliance Regular training on cybersecurity issues linked to these policies is also important Screening: pre-employment and at regular intervals for employees and contractors to help manage "insider threat" Physical/digital security – strong link Portable devices – ban? encryption? www.dlapiper.com May 12, 2016 13
Critical protections/lessons learned (continued) Clear accountability for cybersecurity risk within the business Contract management to incorporate security controls User privileges Anti-virus software/malware detection Audit: security audits to include insider threat audit Incident management planning www.dlapiper.com May 12, 2016 14
Cybersecurity trends in the EU The FCA has identified cybercrime as a priority in its 2016-2017 Business Plan EY's Global Information Security Survey 2015 indicates that the threats people are most concerned about are phishing and malware The Panama Papers leak highlights the risk of cybersecurity/data breaches for law firms Increased coordination and information sharing between the police and the NCA in responding to and managing cybersecurity threats CPNI, GCHQ, BIS and the Cabinet Office have published an updated '10 Steps to Cyber Security' – practical steps businesses can take to improve the security of their networks and the information carried on them Increased reporting www.dlapiper.com May 12, 2016 15
EU General Data Protection Regulation
Key provisions include:
– Harmonization: single set of rules, directly applicable in all EU member
states
– Enforcement: power for regulators to levy heavy financial sanctions of up
to 4% of the annual worldwide turnover of the organization. This significantly
increases the risk associated with privacy non-compliance
– Offshore processing: application of EU regulatory framework to
companies established outside the EU if they target EU citizens
– Governance: increased responsibility and accountability on organizations
to manage how they control and process personal data
– One-stop-shop: ability to nominate a single national data protection
authority as the lead regulator for all compliance issues in the EU, where
the organization has multiple points of presence across the EU
www.dlapiper.com May 12, 2016 16EU General Data Protection Regulation (continued)
– Consent: adoption of a more active consent based model to support lawful
processing of personal data
– Right to be forgotten: a statutory “right to be forgotten” which will allow
individuals the right to require a controller to delete data files relating to
them if there are not legitimate grounds for retaining it
www.dlapiper.com May 12, 2016 17Questions?
Contact us to learn more
Tara Swaminatha Sam Millar
Of Counsel, Washington, DC Partner, London
tara.swaminatha@dlapiper.com sam.millar@dlapiper.com
+1 202 799 4323 +44 (0)20 7153 7714
www.dlapiper.com May 12, 2016 18www.dlapiper.com May 12, 2016 19
You can also read
