The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: Cyber Threat Types

  • From Vol. 3 No.4 (Feb. 22, 2017)

    Marsh and FireEye Take the Pulse of European Cybersecurity Climate

    FireEye, Inc. and Marsh & McLennan Companies recently released their joint 2017 European cyber risk report, which is based in part on data collected by Marsh in a survey of 750 of its European clients. It analyzes the current European threat environment, benchmarks companies’ cyber perceptions, discusses coming regulations that should provide increased transparency on cyber attacks and provides best practices for cybersecurity preparedness. For more insight from FireEye, see “How the Financial Services Industry Can Manage Cyber Risk” (Jul. 20, 2016). For more from Marsh, see our two-part series: “Building a Strong Cyber Insurance Policy to Weather the Potential Storm (Part One of Two)” (Nov. 25, 2015) and Part Two (Dec. 9, 2015).

    Read Full Article …
  • From Vol. 2 No.22 (Nov. 2, 2016)

    Advice From Blackstone and Tiffany CISOs on Fighting Cybercrime

    Information security is “the hottest industry of all time” according to Lisa J. Sotto, managing partner of Hunton & Williams’ New York office and chair of the firm’s global privacy and cybersecurity practice. At a recent PLI panel, Sotto and fellow panelists Jay Leek, managing director and CISO for The Blackstone Group L.P.; Anthony Longo, CISO for Tiffany & Co. and Matthew F. Fitzsimmons, an Assistant Attorney General in Connecticut and head of the office’s Privacy and Data Security Department discussed the ballooning issue of cybercrime and how to both prevent and respond to attacks. See also “Establishing Strong Cybersecurity and Data Privacy Leadership: The Roles of the Chief Information Security Officer and Chief Privacy Officer” Part One (May 6, 2015); Part Two (May 20, 2015).

    Read Full Article …
  • From Vol. 2 No.16 (Aug. 3, 2016)

    Procedures for Hedge Fund Managers to Safeguard Trade Secrets From Rogue Employees 

    In an era when high-profile data theft cases have shaken some people’s faith in the security of personal information entrusted to fund managers, it is critically important for firms to take steps to detect, prevent and address such thefts by rogue employees. This is of particular urgency for hedge fund managers now that the SEC has stepped up its focus on cybersecurity. Data security and the measures that can help safeguard trade secrets and sensitive information were the focus of a recent Hedge Fund Association panel discussion featuring participants from the law firm Gibbons, the litigation consulting firm DOAR and the hedge fund Litespeed Partners. See also “How Financial Service Providers Can Address Common Cybersecurity Threats” (Mar. 16, 2016).

    Read Full Article …
  • From Vol. 2 No.13 (Jun. 22, 2016)

    ISIL-Linked Hacker Pleads Guilty in First-of-Its-Kind Cyber Terror Case

    Hackers are not only breaching companies’ systems for their own monetary gain – they can be “cyber terrorists,” acting on behalf of nation-states or movements. After successful international cooperation, on June 15, 2016, one such terrorist, Kosovo citizen Ardit Ferizi, pled guilty to charges of providing material support to the Islamic State of Iraq and the Levant. He stole PII from an Illinois company to help ISIL threaten U.S. military and government personnel. “The case against Ferizi is the first of its kind, representing the nexus of the terror and cyber threats,” Assistant Attorney General for National Security John Carlin said. See also “Prosecuting Borderless Cyber Crime Through Proactive Law Enforcement and Private Sector Cooperation” (Mar. 2, 2016).

    Read Full Article …
  • From Vol. 2 No.5 (Mar. 2, 2016)

    How the American Energy Industry Approaches Security and Emphasizes Information Sharing

    The North American bulk power system, a large, complex machine consisting of thousands of generation plants and thousands of miles of transmission lines, has become a model for cybersecurity, according to Marcus Sachs, senior vice president and chief security officer of North American Electric Reliability Corporation, a not-for-profit regulatory authority. In this guest article, Sachs discusses how the industry has avoided loss-of-load events due to a cyber or physical attack on a power plant, and steps the industry is taking to address cyber threats, including its continued focus on information sharing, where it has been a leader for other sectors. Sachs will be a panelist at the Financial Times Cyber Security Summit on March 16, 2016 in Washington, D.C. See also “Energy Industry Demonstrates Public-Private Cybersecurity Coordination” (Oct. 14, 2015).

    Read Full Article …
  • From Vol. 1 No.18 (Dec. 9, 2015)

    The Multifaceted Role of In-House Counsel in Cybersecurity 

    To effectively advise corporations on cybersecurity issues, in-house counsel must navigate myriad issues that can vary across industries, state and international jurisdictions as well as privacy and information security contexts.  A recent PLI program brought together privacy and information security counsel from various industries to share insights on the role of in-house counsel charged with securing business-critical and confidential data and technology.  They discussed the different responsibilities for data privacy and cybersecurity professionals, international data privacy and protection laws, and offered strategies for in-house counsel to prevent internal cybersecurity threats, develop breach prevention and response policies and handle vendors.  The panel was moderated by Lori E. Lesser, a partner at Simpson Thacher, and included top practitioners Rick Borden, chief privacy officer at the Depository Trust & Clearing Corporation; Nur-ul-Haq, U.S. privacy counsel at NBCUniversal Media; Michelle Ifill, senior vice president at Verizon and general counsel of Verizon Corporate Services; and Michelle Perez, assistant general counsel of privacy for Interpublic Group.  See “Analyzing and Complying with Cyber Law from Different Vantage Points (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 8 (Jul. 15, 2015); and Part Two, Vol. 1, No. 9 (Jul. 29, 2015).

    Read Full Article …
  • From Vol. 1 No.14 (Oct. 14, 2015)

    MasterCard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part One of Two)

    Two senior-level executives in the financial industry, leading cybersecurity experts, recently offered their views on how they are balancing the lure of new technology with the associated risks.  In this article, the first in a two-part series covering the PLI program “Cybersecurity 2015: Managing the Risk,” Jenny Menna, the cybersecurity partnership executive at U.S. Bancorp and Greg Temm, vice president for information security at MasterCard, and responsible for MasterCard’s cyber intelligence program, address: the current cyber landscape; the most pressing threats across industries; and how the government, regulators and private companies are responding to those threats.  In the second article, they tackle mitigating cybersecurity risk, including industry projects geared toward improving the overall cybersecurity ecosystem; and tips for avoiding cyber threats at work and home.  See “The SEC’s Updated Cybersecurity Guidance Urges Program Assessments,” The Cybersecurity Law Report, Vol. 1, No. 3 (May 6, 2015).

    Read Full Article …
  • From Vol. 1 No.8 (Jul. 15, 2015)

    The Challenge of Coordinating the Legal and Security Teams in the Current Cyber Landscape (Part Two of Two)

    Legal and security teams each play a crucial role in cybersecurity and data protection, but working together to understand the most pressing threats and shifting regulatory landscape can be challenging.  In this second article of our two-part series covering a recent panel at Practising Law Institute’s Sixteenth Annual Institute on Privacy and Data Security Law, Lisa J. Sotto, managing partner of Hunton & Williams’ New York office and chair of the firm’s global privacy and cybersecurity practice, and Vincent Liu, a security expert and partner at security consulting firm Bishop Fox, give advice on how to prepare for and respond to a cyber incident and how security and legal teams can effectively work together throughout the process.  The first article in this series discussed the current cyber threat landscape and the relevant laws and rules.

    Read Full Article …
  • From Vol. 1 No.7 (Jul. 1, 2015)

    Coordinating Legal and Security Teams in the Current Cybersecurity Landscape (Part One of Two)

    As cybersecurity concerns permeate every industry, it becomes increasingly urgent for lawyers across disciplines to understand the most pressing threats and shifting regulatory landscape; help shape and direct the responses; and be able to effectively communicate and collaborate with technical security efforts.  In this first article in our two-part coverage of a recent panel at PLI’s Sixteenth Annual Institute on Privacy and Data Security Law, Lisa J. Sotto, managing partner of Hunton & Williams’ New York office and chair of the firm’s global privacy and cybersecurity practice, discusses the current cyber threat landscape and the relevant laws and rules.  See “After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).  The second part will detail her advice on preparing for and responding to a cyber incident and will include insight from her co-panelist Vincent Liu, a partner at security consulting firm Bishop Fox, on how security and legal teams can effectively work together throughout the process. 

    Read Full Article …