Cybersecurity and Ransomware Attacks: Best Practices

Formerly a Pentagon special counsel and chief cyber counsel to the U.S. Cyberspace Solarium Commission, Mr. Simon regularly assists clients as the lead investigator and crisis manager for high-stakes, cross-border incidents involving cyberattacks, data breaches and extortion, and AI, and handles related internal investigations and regulatory defense.

Mr. Simon has dealt with some of the most significant cyber incidents on an international scale. His experience includes advising victims of state-sponsored cyber activity, ransomware and other cyber extortion attacks, as well as breaches of health information, sensitive government information, intellectual property and personal data. Dual qualified to practice in the U.S. and the EU, he often represents global companies in connection with cyber incidents requiring analysis of breach reporting obligations under U.S. and EU law, including the EU General Data Protection Regulation (GDPR) and investigations by European data protection authorities. He has counseled companies on major cyber incidents and incident preparedness across virtually every industry, including financial, health care, energy, chemical, defense and aerospace, telecommunications and hospitality.

Mr. Simon is known as a go-to cyber and privacy counsel to leading global private equity sponsors and their portfolio companies, stepping in to serve as cyber counsel and incident commander when portfolio companies face ransomware or other disruptive cyberattacks. He frequently counsels boards, C-level executives and other management as they address cyber vulnerabilities and breaches, and manage associated legal, regulatory and reputational consequences. In recent years, Mr. Simon has convened regular roundtables with CISOs, CIOs and CTOs from leading global private equity firms and their portfolio companies to assess trends and risk management strategies concerning cybersecurity, AI and privacy. With years of experience working in data protection privacy compliance, Mr. Simon often advises clients on complex regulatory issues involving the collection, storage, use, transfer and sharing of personal and other sensitive data. He counsels clients on data governance and privacy compliance with HIPAA, ECPA, CCPA/CPRA, EU GDPR and a range of EU laws governing data protection and technology supply chain risk management. Mr. Simon is widely known for his experience regarding the legal and policy issues at the intersection of cybersecurity, privacy, AI and national security. In addition, he has significant experience with the evolving cybersecurity and privacy legal framework applicable to the internet of things (IoT) and product cybersecurity, operational technology (OT) and industrial control systems (ICS).

He has been recognized by Chambers USA for his “global, holistic view of the cybersecurity world,” The National Law Journal as a Cybersecurity & Data Privacy Trailblazer, The Legal 500 for his “extensive experience of cyber incidents and investigations” and Cybersecurity Docket as a member of the Incident Response 40, a collection of some of the “best and brightest” incident response attorneys in the country.

Scott Lindlaw is a Partner in the Washington, DC office. He advises clients on a wide range of crisis and positioning issues, including responding to and preparing for cyber-incidents. He also supports companies engaged in intellectual property and commercial litigation, antitrust matters and disputes with the government.

Scott is an attorney and veteran journalist. Before joining the firm, he practiced cybersecurity and intellectual property law at the firm Orrick, Herrington & Sutcliffe LLP.

For the last two years, Scott has been named to Business Insider's ""Top Public Relations Experts CEOs Scramble to Hire in a Crisis.""
Prior to his legal career, Scott was a reporter for The Associated Press for 16 years. He served for four years as an AP White House correspondent, covering President George W. Bush's first term; covered the statehouses in Providence, Rhode Island, and Sacramento, California; was part of a team nominated for a Pulitzer Prize for disaster coverage; and reported on the criminal and civil trials of O.J. Simpson.

Scott serves on the board of directors of the First Amendment Coalition, a nonprofit public interest organization dedicated to advancing free speech and more open and accountable government.
He earned his J.D. and his master's degree in journalism at the University of California, Berkeley and received a B.A. in English with a minor in public policy from the State University of New York at Buffalo.

Tony Kim represents clients across the full spectrum of advisory and enforcement matters implicating cybersecurity, data privacy, and consumer protection issues. Mr. Kim helps companies navigate crises to avoid legal, risk, and reputational landmines. He also defends clients in regulatory investigations and enforcement actions by the Federal Trade Commission (FTC) and State Attorneys General, as well as in consumer class actions.

Mr. Kim partners with stakeholders in legal, IT/infoSec, product, growth, engineering, marketing, investor relations, communications, the c-suite, and the board/audit committee across governance, compliance, and crisis management contexts.

Kate Hanniford is a partner on Alston & Bird’s Technology and Privacy, Cyber & Data Strategy teams. She focuses her practice on cybersecurity and privacy compliance and enforcement. Kate has provided advice on a range of cybersecurity topics, including compliance with various cybersecurity standards, managing cyber risk at all levels of the enterprise, cybersecurity governance, and responding appropriately to security incidents. She also actively monitors cybersecurity-related legislative and regulatory developments at the state and federal levels to provide advice on potential impacts.

Kate also assists securities-industry clients with compliance with SEC and FINRA rules and standards, including SEC (OCIE) examination preparation and enforcement matters as well as Reg SCI and cybersecurity preparedness. She is well-versed in the scale and complexity of incident response in highly regulated industries, having handled incident response for public issuer, broker-dealer, and investment adviser data security and privacy incidents as well as some of the largest healthcare breaches in recent years. The Best Lawyers in America? regularly recognizes Kate on its “Ones to Watch” list in the area of Technology Law.