In this episode of CHATTINN CYBER, Marc Schein interviews Sean Hoar, of Lewis Brisbois and chair of the Data Privacy & Cybersecurity Practice. He has extensive experience managing responses to digital crises and effectively marshaling resources to contain and remediate information security incidents. He served as the lead cyber attorney for the U.S. Attorney’s Office in Oregon, and he worked closely with the Computer Crime & Intellectual Property Section in Washington D.C. He holds the Certified Information Systems Security Professional (CISSP), the Global Information Security Professional (GISP), and the Certified Information Privacy Professional/United States (CIPP/US.
Sean served in the US Attorney’s Office for many years where he handled career cases that exposed him to the digital world of electronic surveillance. He believes that cyber hackers have evolved fast and have become more sophisticated over the years, leveraging the systems and applications. Sean explains that as long as cybercriminals are able to monetize data; ransom and other exploits are going to continue, the most dangerous of which right now is extortion. Sean explains how he advises his clients to give information to the FBI who gather evidence across the country and attribute each case to malicious actors, they hold them accountable, and criminally charge them.
Sean explains why security starts with setting up foundational basics in an organization. He also describes the criteria they use to ensure advanced cybersecurity for their clients: they make sure the internal teams understand what they’re supposed to do, and the external teams stay in touch with their obligations. Companies need to put cyber procedures in place to avoid financial consequences in the long run if they are not proactive. “But for me, it’s a matter of helping them really visualize what it will look like, and until they understand that, it’s going to be hard to get them to take action.”
Companies that carry cyber insurance are well educated and have immediate attention and deployment of resources they need to go from one side to the other, which limits the expense and the impact of the attack. Companies without insurance, on the other hand, struggle on who they should call because they don’t have the education and systems in place to go from one side to the other. They contact the wrong people which results in more confusion and expenses.
What You Will Learn:
- The danger of cyber ransom exploits and extortion in risking data privacy online.
- Why cybercrimes are only going to increase in the future and become more dangerous
- How Sean helps his clients visualize their cyber exposure procedure as a long-term financial investment.
- The difference between companies that carry cyber insurance and those who don’t.
- The tools that Sean created to deal with information security control assessments and response planning for the private sector.
- The power of building a stable effective team with the right attitude.