In this episode of Chattinn Cyber Marc Schein interviews guests; Sherri Davidoff, CEO of LMG Security and author of the recently released book, “Data Breaches.” And Michael A. Kleinman, Special Counsel, Fried Frank. Sherri started working in cyber security before that was even a term. And Michael, on the other hand, comes from the legal world. A litigator, Michael started to see more and more clients needing counsel with regard to cyber and use privacy issues.
They begin their conversation digging into the issue of ransomware. Sherri explains what ransomware is and moves into how ransomware continues to evolve. She shares a story of a ransomware case that infiltrated a trucking company. This stranded the trucks and affected the retail industry at large.
They also discuss what kind of legal room the victims of a cyber attack actually have. It’s a complicated issue when business is disrupted—especially when they are contractually obligated to deliver. Sherri explains that businesses need to demand security reviews in their contracts, and the community as a whole needs to understand that transparency around security benefits everyone.
Michael talks briefly about notification laws and how they affect private data in contractual agreements. Sherri says that 75% of ransomware breaches take personal data. What you really need to do is figure out what they actually have before taking the next step of paying the ransomware.
- There is now ransomware as a service.
- The hacker economy is demanding more and more specialized roles.
- A cyber attack can actually cause a breach of contract.
- 92% of breaches come from third parties.
- There really aren’t standards for suppliers notifying when there’s a hack.
- Think about which suppliers have important access to your data.
- “The operational impact of a ransomware case, sometimes by design, often has this huge ripple effect—especially when who’s targeted is a key supplier.” – Sherri (6:00)
- “Once you start getting into a ransomware case, you start to realize how dependent even little things are.” – Sherri (9:35)
- “This issue of incidents arising out of third parties is not new.” – Michael (15:30)
- “You need to understand what the contracts actually say.” – Michael (18:20)
- “If your data is up there, YOU need to do an investigation.” – Sherri (20:36)
- “Reduce your access, and you reduce your risk.” – Sherri (21:30)
- “Today, ransomware is typically the tip of the iceberg. It’s the last thing you see after a long-range attack.” – Sherri (22:25)