SlideShare uma empresa Scribd logo

Think You’re Covered? Think Again: Cybersecurity, Data Privacy, and Cyber Insurance

Withum
Withum

Whether you are considering cyber insurance, shopping for a policy, and/or have been recently impacted by a cyberattack there are various considerations prior to and post attack.

Tecnologia
1 de 51
Baixar para ler offline
12020 WithumSmith+Brown, PC Think You’re Covered? Think Again: Cybersecurity, Data Privacy and Insurance CapitalOne | Withum | McElroy, Deutsch, Mulvaney & Carpenter, LLP
BE IN A POSITION OF STRENGTH Housekeeping • This is a CPE session – 1 CPE Credit in Information Technology • Webinar is being recorded • 45 minutes session • 15 minutes Q&A • Send in your questions! • Slides and recording will be emailed after the webinar
32020 WithumSmith+Brown, PC The contents contained within this slide deck may contain basic and preliminary observations. We also refer to some generally accepted principles for forensic investigations. All observations are subject to further investigation and explanation of facts and are therefore subject to change. Additional evidence and forensic analysis may be required to support any findings or observations. This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved. Disclaimer
POLL 1
What We Do… This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Withum Cyber Team This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Cyber Attacks Increase Across All Areas • Finance • Healthcare • Manufacturing • Real Estate • Non-Profits • Automotive • Transportation • E-Commerce • Datacenters • Cloud Computing…and much more This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
What is the ‘New Normal’ This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
COVID-19 Related Cyber Attack Statistics Since COVID-19 pandemic began: • Phishing Websites: Increased 350% • Banks: 238% increase in cyberattacks • Ransomware attacks: Increased 148% • Average Ransomware Demand: Increased by 33% This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
COVID-19: Remote Work Force • Phishing attacks: Increased 667% • Remote Workforce Metrics • Attack Surface Increase First Line of Defense…God Help Us. This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Cyber Security Stats and Facts • Cybercrime economy in profits: • Cybercrime Damages: • Ransomware Attacks: • Top Country Targeted: • Est. Records Exposed 2018 - 2023: • Est. Cost Per Record Exposed: • Average Cost of Data Breach: • Dark Web Cybercrime Toolkit Cost: Source: IBM/Ponemon $1.5 Trillion $6 Trillion by 2021 14 Sec. | 11 Sec. 2021 USA 146 Billion $242 per record $8 Million This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
COVID-19 Related Cyber Attack Statistics (Cont.) Cyber attacks: Increased 600%!! This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Results of Recent Cyber Attacks This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Modern Warfare This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
ü CONFIDENTIALITY ü INTEGRITY ü AVAILABILITY What is Cyber Security in Today’s New Normal… This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Confidentiality Zoom: 500k Stolen Passwords Twitter Hack: Phone Spear Phishing Marriott Data Breach: 500M Guests MGM Data Dump: 142M Guests FireEye: Recent Data Breach This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
What is Cyber Security in Today’s New Normal… Data Integrity
What is Cyber Security in Today’s New Normal… Availability This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Incident Response Plan Call Govt. – they’ll solve it. This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Cyber Insurance This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
The Next Cold War is Here, and it’s all about Data This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Modern Business Threats (Internal Threats) Cyber Criminals Organized Crime Cyber Terrorism Hacktivism Regulatory | Legal Sanctions Nation State Actors targeting SMBs – Enterprise Environments Modern Business Competitors This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Understanding Data Privacy Considerations and Reducing Compliance Failures Cyber Insurance
POLL 2
BE IN A POSITION OF STRENGTH Understanding Data Privacy Considerations and Reducing Compliance Failures Ø Why do privacy compliance failures occur? q No adequate understanding of data flows § Know what data you have and who you share it with q No understanding of regulatory landscape § Understand thresholds that can trigger liability under certain privacy laws such as CCPA, Biometric Information Privacy Act or COPPA q Institutional Idiosyncrasies § Smaller entities are particularly vulnerable
BE IN A POSITION OF STRENGTH Data Privacy Considerations Reducing Compliance Failures Ø Multitude of Federal and State Laws q Competing compliance requirements may overtax resources of respondents § Regulated entities may focus exclusively on first tier HIPAA, GLBA and ignore secondary regulations (e.g., COPPA, CAN SPAM, Model Insurance Data Security Act, New York DFS Cybersecurity Regulation). § Regional or National Laws (CCPA/CPRA, GDPR)
Scalable Universal Compliance Infrastructure Getting the Basics Right Triangulation Approach to Multi-Jurisdictional Compliance Requirements qAvoid institutional conflicts of interest (IT, Marketing) qMulti layered privacy organization with appropriate KPIs Organizational Foundation. Privacy Belongs on the C-level
Scalable Universal Compliance Infrastructure Invest in top-notch Privacy Notice qYour calling card in terms of privacy compliance qOne step towards § 5 FTC Act Compliance qUse basic fair processing principals, such as Transparency, choice, limited data collection for specific purposes qPrivacy notice can double as a basic check list for a variety of regulatory schemes Getting the Basics Right Triangulation Approach to Multi-Jurisdictional Compliance Requirements
Scalable Universal Compliance Infrastructure Ø Invest in a professional risk assessment of your security risk Ø Adopt reasonable security measures. FTC considers failure to do so potentially as “unfair business practice” Ø Invest in high-end employee training Getting the Basics Right Triangulation Approach to Multi-Jurisdictional Compliance Requirements
Regulatory Risk Management ØCompliance as Incremental Process qAllocate limited compliance resources based on enforcement risk § Who is my primary regulator? § Enforcement Priorities § Is there a leniency program? What are the criteria to qualify? Are there cure periods? § All politics is local – and so is compliance § Use attorneys or consultants with background knowledge of the regulatory agencies in each state
BE IN A POSITION OF STRENGTH Civil Litigation Ø Recent trend towards courts holding that businesses have a common law duty to use reasonable security measures to protect personal information Ø Moreover, businesses may face litigation under theories such as breach of contract, breach of fiduciary duty, and consumer fraud in the event of a cybersecurity incident Ø For public entities, cybersecurity incidents can lead to class action shareholder derivative lawsuits against directors and officers
POLL 3
Cyber Insurance Ø Typically covers business interruption, remediation, and civil liability. Ø Doesn’t cover reputational harm and loss of consumer confidence. Ø Cyber insurance may be causing a spike in ransomware since cyber criminals may believe that victims covered by cyber insurance that potentially covers ransomware payments will quickly pay demanded ransoms.
BE IN A POSITION OF STRENGTH Acts of War Exception Ø Some insurers have taken the position that cyberattacks perpetrated by foreign governments are not covered pursuant to insurance policies’ exceptions for “Acts of War.” Ø There are pending lawsuits challenging insurers’ denial of coverage for the NotPetya ransomware attack on the basis that it was an “Act of War” perpetrated by Russia.
BE IN A POSITION OF STRENGTH Cyber Insurance and Ransomware A recent Indiana Court of Appeals case held that a cyber insurance policy that covered “property loss” did not cover a ransom paid to a hacker in order to unlock the insured’s computer system after a ransomware attack.
What’s Really Going On…What You Need to Do
POLL 4
Local & Hybrid Networks This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Cloud is the Solution! This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Sample Suspicious Sessions Origin: Iran | Industry: Automotive This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Sample Suspicious Sessions: Firewall Traffic Patterns Origin: Russia | Industry: Automotive This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Sample Incidents Target: Major Tri-State Hospital | Timeframe: Onset of COVID-19 Origin: Iran This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Dormant Accounts / NO PW Change Since 2010 This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Switches Not Patched Firmware was released in 2017. Switch Has not been updated in ~3 years. This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
Inner and Outer Perimeter Findings • Exfiltration of 5 terabytes+ of confidential SAMPLE data. • Data to Paper Equivalency 5TB = 375,000,000 Pages • Multi-Billion Dollar Business Identified without a Single firewall • Medium Sized operating their entire network on Guest Wi-Fi • No Network Segmentation / Flat Environment • Passwords Digitally Stored in Clear • No 2FA • Computers without ANY Anti-Virus • Saved Credentials • No Active Monitoring, DLP, Syslogging, Limited to No Firewall Rules • Highly Susceptible to Phishing Attacks, Rooting, Priv. Escalations, Long Term command and controls of environment. • Ability to jump into DMS and attack other networks. This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
• Sharing Computers w/Family Members • Passwords left in open; taped to monitors • Personal Identifiable Information (“PII”) and financial records left exposed • No Incident Response Experience • Server rooms left accessible to the public. • No security controls to restrict browsing/downloading malware- no web filtering Security Assessments Summary Findings This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
• No Anti-virus (“AV”) on some systems • No data controls to secure data; Able to easily extract data from environment • Patching not current on some systems • No Business Continuity plan, Incident Response Plan or network or data diagrams for IT infrastructure • Systems and Data Well Beyond Lifecycles Security Assessments Summary Findings This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
How to Protect Your Business “Know your enemy and know yourself - Sun Tzu”
Protect Your Business Before the Downpour § Threat Emulation aka Red Teaming § vCISO / vCCO Analysis of Sec. Control Framework § Business Continuity & Incident Preparedness § Data Privacy Review & Analysis § Cyber Insurance Review & Analysis § Seek Additional Advice on Available Services from CapitalOne This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
51 SM Want to Get in Touch? Withum’s Cyber Team Wcyber.info@Withum.com CapitalOne Edward Dewalters edward.dewalters@capitalone.com McElroy Deutsch: Diane Reynolds DReynolds@mdmc-law.com

Recomendados

Webinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWebinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for Nonprofits
Withum
 
Webinar: Be Cyber Smart – Stories from the Trenches
Webinar: Be Cyber Smart – Stories from the TrenchesWebinar: Be Cyber Smart – Stories from the Trenches
Webinar: Be Cyber Smart – Stories from the Trenches
Withum
 
Hacking3e ppt ch01
Hacking3e ppt ch01Hacking3e ppt ch01
Hacking3e ppt ch01
Skillspire LLC
 
Cybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
Cybersecurity Brief: Understanding Risk, Legal Framework, & InsuranceCybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
Cybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
SecureDocs
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Paige Rasid
 
Funsec3e ppt ch03
Funsec3e ppt ch03Funsec3e ppt ch03
Funsec3e ppt ch03
Skillspire LLC
 
Hacking3e ppt ch13
Hacking3e ppt ch13Hacking3e ppt ch13
Hacking3e ppt ch13
Skillspire LLC
 
How to handle data breach incidents under GDPR
How to handle data breach incidents under GDPRHow to handle data breach incidents under GDPR
How to handle data breach incidents under GDPR
Charlie Pownall
 

Recomendados

Webinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for NonprofitsWebinar: Understanding the Cyber Threat Landscape for Nonprofits
Webinar: Understanding the Cyber Threat Landscape for Nonprofits
Withum
 
Webinar: Be Cyber Smart – Stories from the Trenches
Webinar: Be Cyber Smart – Stories from the TrenchesWebinar: Be Cyber Smart – Stories from the Trenches
Webinar: Be Cyber Smart – Stories from the Trenches
Withum
 
Hacking3e ppt ch01
Hacking3e ppt ch01Hacking3e ppt ch01
Hacking3e ppt ch01
Skillspire LLC
 
Cybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
Cybersecurity Brief: Understanding Risk, Legal Framework, & InsuranceCybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
Cybersecurity Brief: Understanding Risk, Legal Framework, & Insurance
SecureDocs
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Paige Rasid
 
Funsec3e ppt ch03
Funsec3e ppt ch03Funsec3e ppt ch03
Funsec3e ppt ch03
Skillspire LLC
 
Hacking3e ppt ch13
Hacking3e ppt ch13Hacking3e ppt ch13
Hacking3e ppt ch13
Skillspire LLC
 
How to handle data breach incidents under GDPR
How to handle data breach incidents under GDPRHow to handle data breach incidents under GDPR
How to handle data breach incidents under GDPR
Charlie Pownall
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability Risk
Christopher Rieser
 
Hacking3e ppt ch04
Hacking3e ppt ch04Hacking3e ppt ch04
Hacking3e ppt ch04
Skillspire LLC
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Shawn Tuma
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentation
Ethan S. Burger
 
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's EnterpriseJustin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
centralohioissa
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Financial Poise
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber Insurance
HB Litigation Conferences
 
Funsec3e ppt ch05
Funsec3e ppt ch05Funsec3e ppt ch05
Funsec3e ppt ch05
Skillspire LLC
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Shawn Tuma
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
Meg Weber
 
Hacking3e ppt ch10
Hacking3e ppt ch10Hacking3e ppt ch10
Hacking3e ppt ch10
Skillspire LLC
 
Legal Issues for Innovators & Inventors (Series: Intellectual Property 201)
Legal Issues for Innovators & Inventors (Series: Intellectual Property 201)Legal Issues for Innovators & Inventors (Series: Intellectual Property 201)
Legal Issues for Innovators & Inventors (Series: Intellectual Property 201)
Financial Poise
 
Digital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardDigital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative Board
Shawn Tuma
 
Managing and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesManaging and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policies
IISPEastMids
 
A Guide to Disaster Preparedness for Businesses
A Guide to Disaster Preparedness for BusinessesA Guide to Disaster Preparedness for Businesses
A Guide to Disaster Preparedness for Businesses
Advanced Imaging Solutions & Pinnacle
 
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert
 
Hacking3e ppt ch15
Hacking3e ppt ch15Hacking3e ppt ch15
Hacking3e ppt ch15
Skillspire LLC
 
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Citrin Cooperman
 
Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber Risks
This account is closed
 
Data Breach Response is a Team Sport
Data Breach Response is a Team SportData Breach Response is a Team Sport
Data Breach Response is a Team Sport
Quarles & Brady
 
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Withum
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec
 

Mais conteúdo relacionado

Mais procurados

Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Shawn Tuma
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Financial Poise
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
Meg Weber
 

Mais procurados (20)

Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability Risk
 
Hacking3e ppt ch04
Hacking3e ppt ch04Hacking3e ppt ch04
Hacking3e ppt ch04
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentation
 
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's EnterpriseJustin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprise
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber Insurance
 
Funsec3e ppt ch05
Funsec3e ppt ch05Funsec3e ppt ch05
Funsec3e ppt ch05
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data Encryption
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
Hacking3e ppt ch10
Hacking3e ppt ch10Hacking3e ppt ch10
Hacking3e ppt ch10
 
Legal Issues for Innovators & Inventors (Series: Intellectual Property 201)
Legal Issues for Innovators & Inventors (Series: Intellectual Property 201)Legal Issues for Innovators & Inventors (Series: Intellectual Property 201)
Legal Issues for Innovators & Inventors (Series: Intellectual Property 201)
 
Digital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative BoardDigital Information Law & Your Business - The Alternative Board
Digital Information Law & Your Business - The Alternative Board
 
Managing and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesManaging and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policies
 
A Guide to Disaster Preparedness for Businesses
A Guide to Disaster Preparedness for BusinessesA Guide to Disaster Preparedness for Businesses
A Guide to Disaster Preparedness for Businesses
 
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
 
Hacking3e ppt ch15
Hacking3e ppt ch15Hacking3e ppt ch15
Hacking3e ppt ch15
 
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
 
Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber Risks
 
Data Breach Response is a Team Sport
Data Breach Response is a Team SportData Breach Response is a Team Sport
Data Breach Response is a Team Sport
 

Semelhante a Think You’re Covered? Think Again: Cybersecurity, Data Privacy, and Cyber Insurance

Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Withum
 
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Financial Poise
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
Ulf Mattsson
 
Cyber security lifting the veil of hacking webinar
Cyber security lifting the veil of hacking webinarCyber security lifting the veil of hacking webinar
Cyber security lifting the veil of hacking webinar
Association for Project Management
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
IBM Security
 

Semelhante a Think You’re Covered? Think Again: Cybersecurity, Data Privacy, and Cyber Insurance (20)

Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
Think You’re Covered? Think Again. Cybersecurity, Data Privacy, Payments Frau...
 
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
Symantec Webinar: Preparing for the California Consumer Privacy Act (CCPA)
 
CRI Extract from "Cyber Lessons from the Front lines"
CRI Extract from "Cyber Lessons from the Front lines"CRI Extract from "Cyber Lessons from the Front lines"
CRI Extract from "Cyber Lessons from the Front lines"
 
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
 
Cyber
Cyber Cyber
Cyber
 
CRI Retail Cyber Threats
CRI Retail Cyber ThreatsCRI Retail Cyber Threats
CRI Retail Cyber Threats
 
nerfslides.pptx
nerfslides.pptxnerfslides.pptx
nerfslides.pptx
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation Industry
 
Webinar: Introduction to GDPR - What It Is and How It Will Affect Your Business
Webinar: Introduction to GDPR - What It Is and How It Will Affect Your BusinessWebinar: Introduction to GDPR - What It Is and How It Will Affect Your Business
Webinar: Introduction to GDPR - What It Is and How It Will Affect Your Business
 
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
 
Verizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breachVerizon 2014 data breach investigation report and the target breach
Verizon 2014 data breach investigation report and the target breach
 
Cyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to KnowCyber Security 101: What Your Agency Needs to Know
Cyber Security 101: What Your Agency Needs to Know
 
Cyber security lifting the veil of hacking webinar
Cyber security lifting the veil of hacking webinarCyber security lifting the veil of hacking webinar
Cyber security lifting the veil of hacking webinar
 
Candidate Data Compliance - Are you prepared for the risks?
Candidate Data Compliance - Are you prepared for the risks?Candidate Data Compliance - Are you prepared for the risks?
Candidate Data Compliance - Are you prepared for the risks?
 
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
 
Cyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselCyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counsel
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
Law Firm Security: How to Protect Your Client Data and Stay Compliant
Law Firm Security: How to Protect Your Client Data and Stay CompliantLaw Firm Security: How to Protect Your Client Data and Stay Compliant
Law Firm Security: How to Protect Your Client Data and Stay Compliant
 
2018-11-15 IT Assessment
2018-11-15 IT Assessment2018-11-15 IT Assessment
2018-11-15 IT Assessment
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?
 

Mais de Withum

Congressional Update on Potential Tax Legislation For You and Your Business.pptx
Congressional Update on Potential Tax Legislation For You and Your Business.pptxCongressional Update on Potential Tax Legislation For You and Your Business.pptx
Congressional Update on Potential Tax Legislation For You and Your Business.pptx
Withum
 
Safeguarding Your Law Firm Against Cyber Threats
Safeguarding Your Law Firm Against Cyber ThreatsSafeguarding Your Law Firm Against Cyber Threats
Safeguarding Your Law Firm Against Cyber Threats
Withum
 
Put Your NetSuite Data to Work – Discover Better NetSuite Reporting
Put Your NetSuite Data to Work – Discover Better NetSuite ReportingPut Your NetSuite Data to Work – Discover Better NetSuite Reporting
Put Your NetSuite Data to Work – Discover Better NetSuite Reporting
Withum
 
Is There A Union In Your Future? Understanding Cannabis Labor Peace Agreements
Is There A Union In Your Future? Understanding Cannabis Labor Peace AgreementsIs There A Union In Your Future? Understanding Cannabis Labor Peace Agreements
Is There A Union In Your Future? Understanding Cannabis Labor Peace Agreements
Withum
 
Withum Global Summit 2022 6.8.22.pdf
Withum Global Summit 2022 6.8.22.pdfWithum Global Summit 2022 6.8.22.pdf
Withum Global Summit 2022 6.8.22.pdf
Withum
 

Mais de Withum (20)

Sage Intacct R3 Release 2023
Sage Intacct R3 Release 2023Sage Intacct R3 Release 2023
Sage Intacct R3 Release 2023
 
Congressional Update on Potential Tax Legislation For You and Your Business.pptx
Congressional Update on Potential Tax Legislation For You and Your Business.pptxCongressional Update on Potential Tax Legislation For You and Your Business.pptx
Congressional Update on Potential Tax Legislation For You and Your Business.pptx
 
Power Platform Governance Center of Excellence
Power Platform Governance Center of ExcellencePower Platform Governance Center of Excellence
Power Platform Governance Center of Excellence
 
Safeguarding Your Law Firm Against Cyber Threats
Safeguarding Your Law Firm Against Cyber ThreatsSafeguarding Your Law Firm Against Cyber Threats
Safeguarding Your Law Firm Against Cyber Threats
 
IRS Audits of The ERC 5.31.2023
IRS Audits of The ERC 5.31.2023IRS Audits of The ERC 5.31.2023
IRS Audits of The ERC 5.31.2023
 
Navigating Through Uncertain Times: An Economic Update for Manufacturers with...
Navigating Through Uncertain Times: An Economic Update for Manufacturers with...Navigating Through Uncertain Times: An Economic Update for Manufacturers with...
Navigating Through Uncertain Times: An Economic Update for Manufacturers with...
 
Put Your NetSuite Data to Work – Discover Better NetSuite Reporting
Put Your NetSuite Data to Work – Discover Better NetSuite ReportingPut Your NetSuite Data to Work – Discover Better NetSuite Reporting
Put Your NetSuite Data to Work – Discover Better NetSuite Reporting
 
IRS Audits of The Employee Retention Credit 2.16.23.pdf
IRS Audits of The Employee Retention Credit 2.16.23.pdfIRS Audits of The Employee Retention Credit 2.16.23.pdf
IRS Audits of The Employee Retention Credit 2.16.23.pdf
 
International Tax and TP in the Metaverse 2.9.23.pptx
International Tax and TP in the Metaverse 2.9.23.pptxInternational Tax and TP in the Metaverse 2.9.23.pptx
International Tax and TP in the Metaverse 2.9.23.pptx
 
CMMC for Contractors and Manufacturers – What to Know for 2023
CMMC for Contractors and Manufacturers – What to Know for 2023CMMC for Contractors and Manufacturers – What to Know for 2023
CMMC for Contractors and Manufacturers – What to Know for 2023
 
Sales Use Tax Opportunities and Traps Affecting Your Business
Sales Use Tax Opportunities and Traps Affecting Your BusinessSales Use Tax Opportunities and Traps Affecting Your Business
Sales Use Tax Opportunities and Traps Affecting Your Business
 
Tax Planning for Property Owners – 2022 Year-End and Beyond
Tax Planning for Property Owners – 2022 Year-End and BeyondTax Planning for Property Owners – 2022 Year-End and Beyond
Tax Planning for Property Owners – 2022 Year-End and Beyond
 
Webinar: Year-End Planning Steps for Success in 2022 11.29.2022.pdf
Webinar: Year-End Planning Steps for Success in 2022 11.29.2022.pdfWebinar: Year-End Planning Steps for Success in 2022 11.29.2022.pdf
Webinar: Year-End Planning Steps for Success in 2022 11.29.2022.pdf
 
Lessons from the First 100 Days of Recreational Cannabis in New Jersey
Lessons from the First 100 Days of Recreational Cannabis in New JerseyLessons from the First 100 Days of Recreational Cannabis in New Jersey
Lessons from the First 100 Days of Recreational Cannabis in New Jersey
 
6 Ways to Accelerate Your Multichannel Growth
6 Ways to Accelerate Your Multichannel Growth6 Ways to Accelerate Your Multichannel Growth
6 Ways to Accelerate Your Multichannel Growth
 
Is There A Union In Your Future? Understanding Cannabis Labor Peace Agreements
Is There A Union In Your Future? Understanding Cannabis Labor Peace AgreementsIs There A Union In Your Future? Understanding Cannabis Labor Peace Agreements
Is There A Union In Your Future? Understanding Cannabis Labor Peace Agreements
 
The Business of Sustainable Supply Chains for Manufacturers
The Business of Sustainable Supply Chains for ManufacturersThe Business of Sustainable Supply Chains for Manufacturers
The Business of Sustainable Supply Chains for Manufacturers
 
Using Cutting Edge Engagement Tools to Improve Talent Retention
Using Cutting Edge Engagement Tools to Improve Talent RetentionUsing Cutting Edge Engagement Tools to Improve Talent Retention
Using Cutting Edge Engagement Tools to Improve Talent Retention
 
PL 86-272 - The Past Present and Future
PL 86-272 - The Past Present and FuturePL 86-272 - The Past Present and Future
PL 86-272 - The Past Present and Future
 
Withum Global Summit 2022 6.8.22.pdf
Withum Global Summit 2022 6.8.22.pdfWithum Global Summit 2022 6.8.22.pdf
Withum Global Summit 2022 6.8.22.pdf
 

Último

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 

Último (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Think You’re Covered? Think Again: Cybersecurity, Data Privacy, and Cyber Insurance

  • 1. 12020 WithumSmith+Brown, PC Think You’re Covered? Think Again: Cybersecurity, Data Privacy and Insurance CapitalOne | Withum | McElroy, Deutsch, Mulvaney & Carpenter, LLP
  • 2. BE IN A POSITION OF STRENGTH Housekeeping • This is a CPE session – 1 CPE Credit in Information Technology • Webinar is being recorded • 45 minutes session • 15 minutes Q&A • Send in your questions! • Slides and recording will be emailed after the webinar
  • 3. 32020 WithumSmith+Brown, PC The contents contained within this slide deck may contain basic and preliminary observations. We also refer to some generally accepted principles for forensic investigations. All observations are subject to further investigation and explanation of facts and are therefore subject to change. Additional evidence and forensic analysis may be required to support any findings or observations. This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved. Disclaimer
  • 5. What We Do… This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 6. Withum Cyber Team This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 7. Cyber Attacks Increase Across All Areas • Finance • Healthcare • Manufacturing • Real Estate • Non-Profits • Automotive • Transportation • E-Commerce • Datacenters • Cloud Computing…and much more This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 8. What is the ‘New Normal’ This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 9. COVID-19 Related Cyber Attack Statistics Since COVID-19 pandemic began: • Phishing Websites: Increased 350% • Banks: 238% increase in cyberattacks • Ransomware attacks: Increased 148% • Average Ransomware Demand: Increased by 33% This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 10. COVID-19: Remote Work Force • Phishing attacks: Increased 667% • Remote Workforce Metrics • Attack Surface Increase First Line of Defense…God Help Us. This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 11. Cyber Security Stats and Facts • Cybercrime economy in profits: • Cybercrime Damages: • Ransomware Attacks: • Top Country Targeted: • Est. Records Exposed 2018 - 2023: • Est. Cost Per Record Exposed: • Average Cost of Data Breach: • Dark Web Cybercrime Toolkit Cost: Source: IBM/Ponemon $1.5 Trillion $6 Trillion by 2021 14 Sec. | 11 Sec. 2021 USA 146 Billion $242 per record $8 Million This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 12. COVID-19 Related Cyber Attack Statistics (Cont.) Cyber attacks: Increased 600%!! This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 13. Results of Recent Cyber Attacks This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 14. Modern Warfare This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 15. ü CONFIDENTIALITY ü INTEGRITY ü AVAILABILITY What is Cyber Security in Today’s New Normal… This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 16. Confidentiality Zoom: 500k Stolen Passwords Twitter Hack: Phone Spear Phishing Marriott Data Breach: 500M Guests MGM Data Dump: 142M Guests FireEye: Recent Data Breach This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 17. What is Cyber Security in Today’s New Normal… Data Integrity
  • 18. What is Cyber Security in Today’s New Normal… Availability This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 19. Incident Response Plan Call Govt. – they’ll solve it. This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 20. Cyber Insurance This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 21. The Next Cold War is Here, and it’s all about Data This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 22. Modern Business Threats (Internal Threats) Cyber Criminals Organized Crime Cyber Terrorism Hacktivism Regulatory | Legal Sanctions Nation State Actors targeting SMBs – Enterprise Environments Modern Business Competitors This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 23. Understanding Data Privacy Considerations and Reducing Compliance Failures Cyber Insurance
  • 25. BE IN A POSITION OF STRENGTH Understanding Data Privacy Considerations and Reducing Compliance Failures Ø Why do privacy compliance failures occur? q No adequate understanding of data flows § Know what data you have and who you share it with q No understanding of regulatory landscape § Understand thresholds that can trigger liability under certain privacy laws such as CCPA, Biometric Information Privacy Act or COPPA q Institutional Idiosyncrasies § Smaller entities are particularly vulnerable
  • 26. BE IN A POSITION OF STRENGTH Data Privacy Considerations Reducing Compliance Failures Ø Multitude of Federal and State Laws q Competing compliance requirements may overtax resources of respondents § Regulated entities may focus exclusively on first tier HIPAA, GLBA and ignore secondary regulations (e.g., COPPA, CAN SPAM, Model Insurance Data Security Act, New York DFS Cybersecurity Regulation). § Regional or National Laws (CCPA/CPRA, GDPR)
  • 27. Scalable Universal Compliance Infrastructure Getting the Basics Right Triangulation Approach to Multi-Jurisdictional Compliance Requirements qAvoid institutional conflicts of interest (IT, Marketing) qMulti layered privacy organization with appropriate KPIs Organizational Foundation. Privacy Belongs on the C-level
  • 28. Scalable Universal Compliance Infrastructure Invest in top-notch Privacy Notice qYour calling card in terms of privacy compliance qOne step towards § 5 FTC Act Compliance qUse basic fair processing principals, such as Transparency, choice, limited data collection for specific purposes qPrivacy notice can double as a basic check list for a variety of regulatory schemes Getting the Basics Right Triangulation Approach to Multi-Jurisdictional Compliance Requirements
  • 29. Scalable Universal Compliance Infrastructure Ø Invest in a professional risk assessment of your security risk Ø Adopt reasonable security measures. FTC considers failure to do so potentially as “unfair business practice” Ø Invest in high-end employee training Getting the Basics Right Triangulation Approach to Multi-Jurisdictional Compliance Requirements
  • 30. Regulatory Risk Management ØCompliance as Incremental Process qAllocate limited compliance resources based on enforcement risk § Who is my primary regulator? § Enforcement Priorities § Is there a leniency program? What are the criteria to qualify? Are there cure periods? § All politics is local – and so is compliance § Use attorneys or consultants with background knowledge of the regulatory agencies in each state
  • 31. BE IN A POSITION OF STRENGTH Civil Litigation Ø Recent trend towards courts holding that businesses have a common law duty to use reasonable security measures to protect personal information Ø Moreover, businesses may face litigation under theories such as breach of contract, breach of fiduciary duty, and consumer fraud in the event of a cybersecurity incident Ø For public entities, cybersecurity incidents can lead to class action shareholder derivative lawsuits against directors and officers
  • 33. Cyber Insurance Ø Typically covers business interruption, remediation, and civil liability. Ø Doesn’t cover reputational harm and loss of consumer confidence. Ø Cyber insurance may be causing a spike in ransomware since cyber criminals may believe that victims covered by cyber insurance that potentially covers ransomware payments will quickly pay demanded ransoms.
  • 34. BE IN A POSITION OF STRENGTH Acts of War Exception Ø Some insurers have taken the position that cyberattacks perpetrated by foreign governments are not covered pursuant to insurance policies’ exceptions for “Acts of War.” Ø There are pending lawsuits challenging insurers’ denial of coverage for the NotPetya ransomware attack on the basis that it was an “Act of War” perpetrated by Russia.
  • 35. BE IN A POSITION OF STRENGTH Cyber Insurance and Ransomware A recent Indiana Court of Appeals case held that a cyber insurance policy that covered “property loss” did not cover a ransom paid to a hacker in order to unlock the insured’s computer system after a ransomware attack.
  • 36. What’s Really Going On…What You Need to Do
  • 38. Local & Hybrid Networks This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 39. Cloud is the Solution! This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 40. Sample Suspicious Sessions Origin: Iran | Industry: Automotive This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 41. Sample Suspicious Sessions: Firewall Traffic Patterns Origin: Russia | Industry: Automotive This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 42. Sample Incidents Target: Major Tri-State Hospital | Timeframe: Onset of COVID-19 Origin: Iran This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 43. Dormant Accounts / NO PW Change Since 2010 This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 44. Switches Not Patched Firmware was released in 2017. Switch Has not been updated in ~3 years. This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 45. Inner and Outer Perimeter Findings • Exfiltration of 5 terabytes+ of confidential SAMPLE data. • Data to Paper Equivalency 5TB = 375,000,000 Pages • Multi-Billion Dollar Business Identified without a Single firewall • Medium Sized operating their entire network on Guest Wi-Fi • No Network Segmentation / Flat Environment • Passwords Digitally Stored in Clear • No 2FA • Computers without ANY Anti-Virus • Saved Credentials • No Active Monitoring, DLP, Syslogging, Limited to No Firewall Rules • Highly Susceptible to Phishing Attacks, Rooting, Priv. Escalations, Long Term command and controls of environment. • Ability to jump into DMS and attack other networks. This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 46. • Sharing Computers w/Family Members • Passwords left in open; taped to monitors • Personal Identifiable Information (“PII”) and financial records left exposed • No Incident Response Experience • Server rooms left accessible to the public. • No security controls to restrict browsing/downloading malware- no web filtering Security Assessments Summary Findings This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 47. • No Anti-virus (“AV”) on some systems • No data controls to secure data; Able to easily extract data from environment • Patching not current on some systems • No Business Continuity plan, Incident Response Plan or network or data diagrams for IT infrastructure • Systems and Data Well Beyond Lifecycles Security Assessments Summary Findings This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 48. How to Protect Your Business “Know your enemy and know yourself - Sun Tzu”
  • 49. Protect Your Business Before the Downpour § Threat Emulation aka Red Teaming § vCISO / vCCO Analysis of Sec. Control Framework § Business Continuity & Incident Preparedness § Data Privacy Review & Analysis § Cyber Insurance Review & Analysis § Seek Additional Advice on Available Services from CapitalOne This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 50. This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2020 WithumSmith+Brown, PC All rights reserved.
  • 51. 51 SM Want to Get in Touch? Withum’s Cyber Team Wcyber.info@Withum.com CapitalOne Edward Dewalters edward.dewalters@capitalone.com McElroy Deutsch: Diane Reynolds DReynolds@mdmc-law.com