Cybersecurity And Technology – Advancing Through Changes With Stu Panensky

In this episode of CHATTINNCYBER, Marc Schein interviews Stu Panensky, an experienced privacy business attorney and commercial litigator. Stu’s law firm, FisherBroyles, is established in 22 cities today. The world’s first and largest nontraditional law firm, it stands apart from the rest for two reasons: it has neither brick-and-mortar space nor inexperienced associate lawyers.

Today, Stu narrates his story of being an expert practitioner in #cyberlaw. He started his cyber journey as a Jersey boy from the Northeast. Stu did not go to law school to master cyber law. He cites two incidents that introduced him to the world of technology:

  • The first was when one of Stu’s senior colleagues decided to do a book on insurance coverage for technology. It allowed Stu to learn about the history of insuring technology assets and the issues that came along with it.
  • Stu worked as an architect and engineer liability lawyer, where he had to handle claims of technology and algorithms. He found this very interesting and challenging. Thus, cyber tech had become his area of focus.

Stu also talks about the changes in cyber and tech in the past decade. Earlier, only a few people knew about the cyber world, and even then, it needed explanation. But now, after ten years, everyone is aware of cyber insurance, thanks to news and media. The concept has become popular and far more sophisticated than how it used to be.

Stu chats about the challenges higher education leadership teams face in understanding cyber risks. Data, technology, and the nature of schools are the pain points in today's work-from-home scenario.

A privacy standpoint is necessary at higher levels of education. Schools need to audit and see whether the policies in their student handbook match with what they are delivering.

Tune in to learn from one of the industry’s most sought-after leaders, Stu Panensky, today!

Highlights: 

“The cyber insurance industry has a particular focus on cyber insurance and the issues are well known. And so it’s become a business peril.”

“I think almost every ransomware case we had in 2020 involves data exfiltration. It didn’t used to be like that at all. The extortions themselves are far larger now.”

“We love corporate privacy here at FisherBroyles, we have a really deep bench of corporate privacy lawyers. So we do all the website compliance, the terms and conditions, the privacy policies, we do the employee handbooks, the proactive corporate privacy, governance type of work.”

“Every case is different, and that’s why this is such an awesome practice because it really is sort of a new one every time; even in the business email compromise, which is probably the most routine matter that we get. Every system is different.”

“I think schools need to audit and see whether the policies in their student handbook match with what you are technically and technologically able to deliver.”

“It really has to do with the unique nature of FisherBroyles. FisherBroyles is the world’s first and largest nontraditional law firm. We’re in 22 cities in the US, we’re in London, and we’re growing.”

 

Time-Stamps: 

[00:56] – Stu shares his story of becoming a cyber insurance lawyer

[04:07] – How cyber insurance evolved during the past decade.

[08:26] – The cases cyber insurance deals with.

[11:30] – Challenges faced by higher education around the field of cyber risk.

[18:37] – Stu talks about FisherBroyles

 

Connect with Stu: 

Website: https://www.fisherbroyles.com/

LinkedIn: https://www.linkedin.com/in/stu-panensky-713b149

 

 

How Ransomware gangs lead Cyber Attacks : Understanding Cybersecurity with Thomas Brittain

In this episode of CHATTINN CYBER, Marc Schein interviews Thomas Brittain. He is the Associate Managing Director with the Cyber Risk practice of Kroll, a division of Duff & Phelps, based in St. Louis. He has over 14 years of information security experience advising organizations on secure configurations, risk reduction, incident response, and tackling tough security challenges. Thomas’ expertise ranges from incident response and security assessments to building and leading security programs. He is a Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), and a GIAC Certified Incident Handler.

Thomas shares his story of going from a military professional to holding the Associate Managing Director role in one of the most prestigious IR firms in New York City. The foundation and training in the military certainly influenced Thomas’ drive. In the military, you don’t have an option to fail. You are to find a path forward, no matter what. Thomas shares how he carries this perspective into his career and life.

For those looking to get into cybersecurity, Thomas offers a few tips:

  • Get a home lab setup – If you want to get into cybersecurity, you will have to experiment with different apps and software.
  • Learn – Several sites give free education about these topics. INE and TryHackMe are examples. It would be best if you learned the basics first. There are YouTube videos you can learn from, which include videos of Professor Messer.
  • Make sure you really want to work in this field. You’ll need to challenge yourself, think outside the box sometimes, and be ready to adapt to changes.

Thomas then shares his views on an executive order passed by President Joe Biden on implementing new policies to improve national cybersecurity. The biggest concern in the order remains funding.

We also learn about ransomware gangs, where they’re generally located, how they’re funded, and what their ransom demands are most often. Most of these gangs are located in the eastern European region and are funded by the ransom payments they have received. In 2020, their ransom demands went as high as 60 million dollars. Ransomware gangs today have started becoming more strategic.

Thomas also talks about the possible recruitment strategies for ransom gangs. He elaborates on the ransomware gang REvil, the one behind the Kaseya attack of 2021, and their attacking strategy. One of the most extensive techniques or tactics with this threat actor group is exploiting internet-connected vulnerable systems and managed security provider platforms like RMM tools (similar to Kaseya). Thomas further details the Kaseya attack, explaining why 1500 globally were put at risk – all simultaneously.

Towards the close of the conversation, Thomas explains how organizations procure cryptocurrency: you first have to establish an account and then transfer funds to the wallet. After that, you procure your cryptocurrency, like Bitcoin.

Thomas has led an extensive discussion on ransomware gangs, cyber-attacks, and bitcoins today. There’s a lot you would take away from this episode!

Quotes:

“I think in this career field of cyber security, everybody has to be the CEO of their own career. Nobody’s going to give it to you on a silver platter.”

“This is not just a career field in which you’re going to come in, you’re going to get a great salary, and you’re going to do the job. If you don’t thoroughly enjoy it, if you don’t have the ability to think outside the box and really try to take on new challenges, this may not be the right career field for you.”

“Learn the basics first; how does a computer work? How does networking work? There are a lot of sites like INE or TryHackMe that provide some level of foundation. There are other avenues like Professor Messer on YouTube that offer free videos to get that background or education.”

“I like to look at this as a chess game. So for every move, we make the advances, and then we make a counter move; constantly adapting to the things that we’re doing. And so we have to be ready to adapt.”