The Ever-Increasing Danger of Cyberattacks – With Sean Hoar of Lewis Brisbois

In this episode of CHATTINN CYBER, Marc Schein interviews Sean Hoar of Lewis Brisbois, chair of the Data Privacy & Cybersecurity Practice. He has extensive experience managing responses to digital crises and effectively marshaling resources to contain and remediate information security incidents. He served as the lead cyber attorney for the U.S. Attorney’s Office in Oregon, and he worked closely with the Computer Crime & Intellectual Property Section in Washington D.C. He holds the Certified Information Systems Security Professional (CISSP), the Global Information Security Professional (GISP), and the Certified Information Privacy Professional/United States (CIPP/US) certifications.

Sean served in the US Attorney’s Office for many years, where he handled career cases that exposed him to the digital world of electronic surveillance. He believes that cyber hackers have evolved fast and become more sophisticated over the years in leveraging systems and applications. Sean explains that as long as cybercriminals are able to monetize data, ransom and other exploits are going to continue, the most dangerous of which right now is extortion. He also explains how he advises his clients to give information to the FBI, which gathers evidence across the country, attributes each case to malicious actors, holds them accountable, and criminally charges them.

Sean explains why security starts with setting up foundational basics in an organization. He also describes the criteria they use to ensure advanced cybersecurity for their clients: they make sure the internal teams understand what they’re supposed to do, and the external teams stay in touch with their obligations. Companies need to put cyber procedures in place proactively to avoid financial consequences in the long run. “But for me, it’s a matter of helping them really visualize what it will look like, and until they understand that, it’s going to be hard to get them to take action.”

Companies that carry cyber insurance are well educated and get the immediate attention and deployment of resources they need to go from one side to the other, which limits the expense and the impact of the attack. Companies without insurance, on the other hand, struggle to know whom they should call because they don’t have the education and systems in place to go from one side to the other. They contact the wrong people, which results in more confusion and expense.

What You Will Learn:

  • The danger of cyber ransom exploits and extortion in risking data privacy online.
  • Why cybercrimes are only going to increase in the future and become more dangerous.
  • How Sean helps his clients visualize their cyber exposure procedure as a long-term financial investment.
  • The difference between companies that carry cyber insurance and those that don’t.
  • The tools that Sean created to deal with information security control assessments and response planning for the private sector.
  • The power of building a stable effective team with the right attitude.

Cybersecurity Across Sectors — Chattinn Cyber with Vince Stewart

In this episode of Chattinn Cyber, Marc Schein interviews retired Lieutenant General Vince Stewart. He is the Chief Innovation and Business Intelligence Officer at Ankura and Founder/CEO of Stewart Global Solutions. In previous roles, he has served as the Director of Intelligence at the USMC, Commanding General of the Marine Forces Cyberspace Command, Director of the Defense Intelligence Agency, and Deputy Commander of the US Cyber Command.

Born in Jamaica, Vince was determined to live the American dream. In 1971, he and his sister joined their mother in the US with nothing but hope and a vision — no titles, no special privileges, only the basics. He learned to play American football and started at Western Illinois University with a scholarship, eventually being recruited into the US Army ROTC program. He was determined to serve and give back to the country that gave him all these opportunities. 38 years later, Vince retired with many medals and distinctions, all of which he modestly credits to the individuals who served beside him.

Vince speaks in depth about his transition from the public to the private sector and how, despite his many years of experience, many challenges still emerged. In the public sector he was executing budgets; the private sector forced him to build the budget and consider the margins needed to support it. The heavy reliance on litigation in the private sector was also a learning point for Vince.

Vince strongly advocates for “collective defense” – a collaboration between organizations and government agencies for sharing intelligence and solutions to win the fight against the very real threats in cyberspace.

Around 60% of large companies ($100 million +) never recover from a data breach. Vince explains the misconception that large companies are the only ones at risk – some criminals want $20 million, but some want just $5000! The mere fact that we all have data that we want to protect is a point of great interest to nation-states and criminals. Within a company, around 70% of breaches are the result of insider activity.

Vince talks about the evolution of phishing and how susceptible many people are to those types of schemes. About 5% of people are curious enough to open an email with the subject line “don’t open this email.” What about the other 95%? Smarter criminals are developing socially engineered phishing, in the form of ads tailored to a person’s interests – you see the ad and you click on the link.

To learn more about Vince’s incredible career, from landing in America with nothing but the basics, to climbing the ladder and becoming the Deputy Commander of the United States Cyber Command, listen to this episode of Chattinn Cyber with Marc Schein.

 

Using Data to Quantify Future Cyber Risk – With Eduard Alpin

In this episode of CHATTINN CYBER, Marc Schein interviews Eduard Alpin, the Lead Cyber Actuary for the Specialty Actuarial Products division of Verisk ISO. He leads the development of loss costs and risk segmentation models for ISO’s new and existing cyber insurance programs. He also oversees the Cyber Data Exchange, which aggregates industrywide cyber insurance data and provides summarized results back to participating companies. Born in Ukraine, he has had an interesting journey, coming to the US at an early age. Today he is one of the leading names in cyber insurance.

Eduard defines an actuary as someone who quantifies risk. Applying his knowledge of math and statistics, he builds the pricing models that help companies determine how much to charge for different policies. He explains how actuaries look at the frequency and severity of historical events and trends to determine future pricing.

Eduard discusses his thoughts on the next 10 years in cyber risk. Quantifying it is a unique process, and collecting data is a central part of it. The scope is broad: data must be collected from hundreds of companies across the world and analyzed to figure out the policies. Managing data and risk is sophisticated and complex, but he’s confident that the field will evolve rapidly over the next 10 years.

There were forecasts made in 2019, but no one could have accurately predicted where we would be in 2020, so it is important to update the data frequently. With all that is happening, many people are working from home, ransomware is on the rise, and cybersecurity incidents such as security breaches are still happening and exposing data. We need to have better data to quantify risk and minimize breaches. Next year is looking interesting and we’re excited about the cyber insurance market.

What You Will Learn:

●  What actuarial science is and how it works

●  What the future of cybersecurity risk looks like and how we can plan better

●  How companies quantify risk and figure out pricing policies

●  How to deal with cybersecurity breaches and the cyber insurance market

LinkedIn: https://www.linkedin.com/in/eduard-alpin/

 

How Auto Threats Target Small Car Suppliers to Get to Big Suppliers – With Faye Francy

In this episode of CHATTINN CYBER, Marc Schein interviews Faye Francy, Executive Director of the Automotive Information Sharing and Analysis Center (Auto-ISAC). She serves the global automotive industry through the analysis and sharing of trusted, timely cyber threat information about existing or potential cyber-related threats and vulnerabilities for on-road vehicle electronics and associated networks. Faye is actively engaged with private-sector partners and government agencies to facilitate information sharing and strengthen the industry’s capability to detect, prevent, respond to, and mitigate disruptions related to the connected vehicle and supporting infrastructure. Their responsibilities include developing and executing a 2020 Vision that outlines strategic and operational priorities for the automotive industry. Auto-ISAC works closely with Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), Product Development leadership, and other executives across the automotive industry responsible for securing vehicles and connected infrastructure.

Faye started her career as a forensic chemist with the Maryland police, where she became very interested in arson and aeronautics, specializing in the aviation industry. Her experience there propelled her into the automotive industry, which took an interest in her after she retired in 2016.

The ISAC model was developed in 1998 through a presidential directive for industries managing or operating critical infrastructure. Faye explains that it became a concern for the public sector after it was discovered that over 80% of the private sector operated critical infrastructure. This prompted both sectors to come together and create sector-specific organizations to share information about physical and cyber threats, vulnerabilities, and incidents. There are 24 ISACs today that serve in that role. Faye explains the purpose of the Auto-ISAC in sharing tactical threat information, building resilience across the whole industry, and asking everyone, including the consumer, to take responsibility. One of their first steps was to proactively shape industry-wide best practices into a working level document to help domestically.

Faye explains that when it comes to the car supply chain, threat actors look for small suppliers that don’t have the capabilities of larger suppliers and use them to get to the ‘big fish’. “The soft underbellies are important, and so is the supply chain in ensuring all of them have tools, techniques, and understanding of how to address issues.”

She talks about the efficiency and effectiveness of the automobile industry due to technological connectivity, which also brings cyber risks and requires vigilance about cyber hygiene and cybersecurity. She explains that the typical trends in auto cybercrimes have been focusing on the integration of highly automated systems even during COVID. She covers the topic of the top cyber threats during the COVID-19 pandemic.

Protecting Personal Information Online Amid World Digitization with James Mottola

In this episode of CHATTINN CYBER, Marc Schein interviews James Mottola, the Vice President of Data Privacy, Investigations, and Security for Porzio Compliance Services. He served 25 years in the United States Secret Service as former Special Agent in charge of the Newark Field Office of the United States Secret Service. Jim discusses how he leverages his experience to advise clients on matters of information security, data privacy, physical security, schools’ safety, internal corporate investigations, incident response management, and other compliance-related matters.

Over his 25-year career, Jim worked on many cases pertaining to financial fraud. In that time, fraud schemes have grown more sophisticated and entered into online spaces. Most businesses are underprepared and under matched to defend against these new tactics, making them easy targets. Jim explains how the greater presence of digital information has made it easier for criminals to commit identity theft.

The digital world continues to grow exponentially, particularly in light of the COVID-19 pandemic. Jim unpacks how e-commerce giants are influencing user behavior. How can we control the digital world and live normally when it is evident that cybercrime disruptions will increase?

Jim advises people to take control of their information since technology is evolving:

“I think as a society we got to take a hold of our information and we have to, unfortunately, put more obligation on businesses on how they have our information, what they do with our information.”

Jim continues on why there’s a need for public and private co-operation to protect individual rights. “Together we need to figure out what are the threats we need to work on, focus on those, and then collaborate as best as possible.”

What You Will Learn:

  • How the digitization of information is aiding in the facilitation of identity theft cybercrimes.
  • The future of eCommerce in influencing consumer behavior and how it will create cyber disruptions.
  • How to install resilient measures to combat cybercrime.
  • Why public and private sectors need to partner to protect individuals’ rights.

 

Cybersecurity: How COVID-19 has Increased the Risk of Cyberattacks with guest, Joe Mann

In this episode of CHATTINN CYBER, Marc Schein interviews Joe Mann, Founder and CEO of Arete. He is a recognized industry leader in information risk, with 20+ years of experience serving corporations, government agencies, and nonprofit organizations. Joe has developed information-sharing initiatives across the Financial and Legal sectors to synchronously align the interests of organizations and C-Suite decision-makers to create “win/win” scenarios for complex risk issues.

Joe started Arete 5 years ago to create solutions that bring more impact in investigation matters, an area that was not being served by big consulting companies. Cybercrime targeting SMEs has become an active issue in the last 4-5 years, and the economic impact is alarming, which is why security companies are growing as fast as they can.

Joe explains the difference between organizations that have insurance against cybercrime and those who do not.  He also explains how they track cryptocurrency dealers to understand their behavior and know how to negotiate.

“There is one group that refines its people, processes, and technology every day and other groups that are in business just not in the cybersecurity business.”

Arete doesn’t want to negotiate with criminals and works closely with the FBI and the like, although Joe admits the ransom problem is a huge issue and describes how they follow the set guidelines. Joe explains, “The important thing here is that enforcement, government, and industry work together to develop a set of standards that really end in the best fit for these companies that are being victimized, not exacerbating the issue.”

On politics 2020, Joe terms the voting issue as just a way to pull people apart and make them less decisive and compares it to cyberattacks on US companies.

Relevant Links:

Website: https://areteir.com/

LinkedIn: https://www.linkedin.com/in/joe-mann-5654969b

 

 

 

“National Cybersecurity” Insights from the U.S. Solarium Commission and more with Cory Simpson

In this episode of CHATTINN CYBER, Marc Schein interviews Cory Simpson, Senior Director and Lead for the U.S. Cyberspace Solarium Commission, Homeland Security Professor at Clemson University & Managing Director at Ankura, with more than 15 years of experience as a U.S. Army officer, federal prosecutor, national security lawyer and strategist.

Cory reports the findings of the U.S. Cyberspace Solarium Commission, an independent, bipartisan, and multisector commission, in which he acted as Senior Director until July. The commission, named for the Solarium Project set up by President Eisenhower, was comprised of fourteen members, including two senators and four House representatives, six internationally recognized experts in cybersecurity, and the FBI director. Together, these members developed legislative proposals as recommendations for Congress, including Layered Cyber Deterrence.

The two goals of the commission were creating a grand strategy for cybersecurity and identifying the policies needed to achieve that strategy. From ensuring secure democratic elections to supply chain security, the commission covered both public and private cybersecurity challenges, including the current COVID-19 pandemic. Of the more than eighty recommendations for both the executive and legislative branches, 29 recommendations involving legislation are already poised to become law.

The Solarium Commission, AI Commission, and the Commission on National Service informed legislators that if we don’t have people to implement these strategies, they’re not going to work. Cybersecurity at a national security level is all of our responsibility, not just the government’s responsibility.

Additionally, Cory dives deep on specific recommendations, including creating a public/private relationship, perhaps scaling a model currently in place in the UK. Beyond the borders of the U.S., he explains digital trade zones should encompass all of the western democracies.

Cory wraps up with some insights into election security, where security is at odds with access. If you want a secure system, you limit access, which is the opposite of what we are doing when we want Americans to vote. In addition, Cory covers the challenge of an anonymous vote and the importance of a paper-based backbone to voting. Tune in to hear the advantages the U.S. democracy carries in its decentralized system!

 

 

 

From Hacktivists to Million-Dollar Ransoms, John Mullen Has Seen it All in Data Breaches – Hear His Legal Perspective on Cybersecurity

In this episode of CHATTINN CYBER, Marc interviews John Mullen, Managing Partner of Mullen Coughlin, the leading and largest privacy law firm solely dedicated to privacy and cybersecurity law in the U.S.  Focused on providing tailored data privacy and incident response services, John’s firm handles breach response, pre-breach planning and compliance, regulatory investigation and management, and privacy litigation defense under the umbrella of cyber insurance.

John’s friend Mark Greisiger of NetDiligence coined the term “Data Breach Coach” to describe what John and his firm do for companies in helping them during a data breach crisis under an insurance policy. In addition to the services John’s firm provides these companies, they also assist as part of a suite of services provided by insurance in the event of a data breach.

Estimating that the firm handles a third of all breaches in the country under the umbrella of insurance, John is uniquely qualified to share the details of the industry, as well as the evolution of cybersecurity hacks from the early days. It is a story of “hacktivists,” nation states, and rogue employees breaching security to the current-day situation in which bad players leverage ransomware to demand six figures at least – some up to millions of dollars –  from companies.

John expands on their post-breach response, including business interruption, as well as their pre-breach counseling and its limitations. In describing the future of data breaches, he explains that cybersecurity is a niche area that is growing in both law and insurance, neither of which has areas of growth outside of this industry. Listen to hear all of this, as well as what John has to say about his firm’s relationship with the FBI.

 

 

Distinct Field, Ubiquitous Influence: Cybersecurity and Insurance with Robert Chesler

Today, Marc sits down with prominent insurance lawyer Robert Chesler to discuss the unique yet expansive role that cybersecurity plays in the insurance sector. Drawing from his expansive industry and legal experience, Chesler shares his insight on the current relationship between cybersecurity and insurance claims and how the growing field of cyber-law can learn from the success of other law sectors. Chesler also pulls from current and recent cases to illustrate how insurance companies may evolve on their choices with regard to filling employee claims.

A trailblazer of insurance coverage litigation for policyholders, Robert Chesler is a shareholder with Anderson Kill and a member of their Cyber Insurance Recovery group. Chesler has seen and participated in the birth of modern insurance law since the 1980s and is now actively overseeing new areas of coverage such as cyber and privacy insurance. He has represented huge industry clients such as GE, Chrysler, and Unilever as well as many small businesses in pro-bono cases. A prolific author, Robert regularly publishes articles in widespread journals and websites that perk the ears of industry voices and which establish him as a thought leader in his own right. Rob holds his Bar Admissions in New Jersey and received his JD from Harvard Law School. He also holds a Ph.D. from Princeton University.

 

Gauging Today’s Cyber needs and Projecting Tomorrow’s with Michelle Schaap

On this episode of CHATTINN CYBER, our host sits down with Michelle Schaap to explore the ever-evolving landscape and intersectionality of the cybersecurity field. Schaap currently serves as an Attorney concentrating in Cybersecurity, Construction and Technology Law at Chiesa Shahinian & Giantomasi PC (CSG), where she has advised on privacy & data security practices for over two decades. Michelle specializes in cyber preparedness and IT disaster recovery planning as well as structuring commercial transactions and negotiating project agreements. A diverse strategist with over thirty years of practice, Ms. Schaap has also honed her skills in renewable energy projects and software industry development.

After receiving degrees from Cornell University and Rutgers Law School, Ms. Schaap started her career at a law firm that gave her the opportunity to be on rotation and gain a large breadth of experience across multiple specialties. Eventually focusing on Land Use law, she credits this with allowing her “to learn what her client’s immediate needs were and potentially long-term needs” in order to prepare for the future. In practicing general law internationally and at large corporations like Toys R Us, she developed proficiency in many of the aspects that cyber law touches, including HR, supply chains, upstream obligations, and more.

In this interview, Michelle uses this vast experience to predict the developments in the field over the next decade. She warns that cyber response has yet to catch up with state-of-the-art software, and suggests that some of the most effective and cost-efficient methods of cyber security have existed long before those technologies came on to the scene. Tune in as she explores how to gauge what level of security is right for your business and a few fast tips to bring your business and personal security up to speed. Catch up on all this and more on this episode of CHATTINN CYBER with Marc Schein!