Nota Bene Episode 114: The New Global Business of Cyberattack, from Ransomware to a Now-Ubiquitous State of Breach with Kari Rollins
Cyberattacks have become big business, from the standpoint of both the attackers and the attorneys pursuing liability compensation from corporate attack victims. Threat actors range well beyond the hacker cults of old, now including sophisticated state actors, large businesses organized for the very purpose of cyber breach and theft, and complex threat networks that aggregate information formerly treated as innocuous. Ransomware is changing the state of cyber insurance, and both national and state regulations across the globe are entering the field to govern the conduct of business victims in this climate, both in terms of ransom payments themselves and subsequent obligations to persons whose information goes out the pipes. Breaches, in short, are now a ubiquitous part of the multinational business landscape, and failing to test system vulnerability can present existential risk to any global business organization. We’re joined by attorney and cybersecurity expert Kari Rollins to discuss what companies can, and in some cases must, do to prepare for a potential cyberattack.
Kari M. Rollins is a partner in the Intellectual Property Practice Group and an Office Managing Partner of the Sheppard Mullin New York office. Kari focuses on data privacy and data security, and complex commercial litigation matters. She has successfully represented clients in the financial services, audit and accounting, retail and fashion, food services, hospitality, manufacturing, and technology industries before state and federal courts, as well as in front of state attorneys general, federal regulators, and U.S. and international commercial arbitration forums.
What We Discussed in This Episode:
- What are 5 truisms companies should understand when evaluating cybersecurity or data breach risks?
- Are there certain types of businesses that are at greater risk for attacks?
- How can you best understand and abide by your security and privacy obligations as a business?
- Regardless of the systems in place, how can companies account for human error?
- Why should training, auditing, and compliance with cybersecurity standards be part of any incident response plan?
- What are some of the industry-specific audit and compliance obligations?
- How can you prepare your “cybersecurity story”?
- Can there be more than one threat actor involved in an attack?
- What are several preparedness steps to avoid modern developments in ransomware?
- For companies that are attacked, how can they make proper payment while avoiding further attacks?