CYBERSECURITY Trends & Initiatives – Once More unto the Breach
On Thursday, October 6, 2016, the BABC hosted a top-of-mind business seminar about cybersecurity. Howard Silverstone, Director, Forensic Resolutions, Inc., prior BABC President and current Programs & Events Chairman, provided opening remarks and a general overview of the topic. Howard mentioned how easily fraud can be committed and how devastating it can be to both an individual and a business. Just saying the word elicits concern. Technology is in our hands, at our fingertips, all of the time. It is both a blessing and a curse. With just the touch of a button, business transactions are conducted and highly confidential information is shared instantaneously across the globe. The world is both smaller and scarier than ever.
Panel experts Michael Ebert, Partner, KPMG LLP; Matt Siegel, Member, Cozen O’Connor; and Andy Williams, Cyber Envoy, Department for International Trade, were guided through the dynamic discussion by the moderator. Areas of focus covered by each presenter included: current pressing cybersecurity issues affecting the US and the UK; recent regulations, especially how things will be changing rapidly with Brexit; what you need to know and do to safeguard your company; what you can expect from government regulations in both the short and long term; the Cybersecurity Information Sharing Act; and the European Commission on Cybersecurity.
Matt Siegel, Member, Cozen O’Connor, discussed emerging cyber risks and exposures. He talked about different kinds of risks and where they come from. Matt explained that cybersecurity affects all lines of business and that the motivations for hackers vary widely. The implications for a hacked company can be hard to predict. Increasing employee mobility leads to increasing risks of data loss. There is also the growing threat of foreign state actors: American companies face an increasing risk of being hacked by foreign state actors seeking a competitive advantage in business. Such hacks also have the potential to expose personal information of customers and employees, making the companies responsible for notification costs and susceptible to class action litigation. Matt covered relevant state and federal legislation, breach notification statutes, and state AG involvement. He warned that companies need to keep abreast of FTC investigations, and hope that a baseline standard of care can be established. There is also HIPAA for health care providers and business associates, and the NIST guidelines that apply to critical infrastructure. It is very important for companies to remain aware of emerging trends in breach litigation, and of standing in data breach cases. Courts have reached different conclusions on whether simply being a victim of a data breach is sufficient to confer standing.
Michael Ebert, Partner, KPMG LLP, explained that the value of the information at our fingertips has created the increase in threats. Michael talked about nation-state intelligence; intellectual property theft (it’s cheaper to steal than to develop); monetary reward from the resale of information such as SSNs, insurance numbers, credit card information, addresses, and other PII; and monetary reward from payment to regain control of compromised systems (ransomware). He explained that investments in cyber defense fall short; they are focused on technology, not governance, people and process. The skilled workforce also falls short. However, on the bright side, the education system is catching up, awareness is broadening, and regulatory oversight is increasing. Michael talked about the convergence on ISO in the EU and NIST standards in the US. Laws are increasing but fragmented, and enforcement penalties are also rising. There is a new wave of global corrective action agreements, and executive officers are being held accountable.
Andy Williams, Cyber Envoy, Department for International Trade, provided an overview of the current key cybersecurity developments in the UK. His discussion covered how the government is addressing the national cyber threat, and the imminent launch of the new UK National Cyber Security Centre (NCSC). Andy talked about why the UK is establishing the NCSC; what the government is doing to support UK individuals and organizations with various new cyber initiatives and regulations; and what the UK government is doing with respect to US/UK government cooperation.
The discussion was truly interactive. Attendees did not need encouragement to ask questions. People began to interact with the panelists before their presentations had even officially concluded. Cybersecurity is undoubtedly a global top-of-mind issue affecting individuals, companies of all sizes, and every industry sector throughout the world – no one is exempt. Cybersecurity must be at the forefront of business practices as modern technology continues to evolve and develop.
Special thanks to our sponsors: Cozen O’Connor, The Department for International Trade, Forensic Resolutions Inc., and KPMG LLP.