Attention:
Card image cap

Ransomware Attacks - CISO and Other Personal Liability Pitfalls


Level: Intermediate
Runtime: 51 minutes
Recorded Date: January 18, 2024
Click here to share this program
Printer-Friendly Version
Closed Caption

Agenda

  • CISO’s Role in Incident Response
  • CISO Challenges
  • Governmental Entity CISOs
  • How Can CISOs Protect Themselves?
  • The SEC and CISO Liability
  • Incident Response Preparedness
  • Takeaways

For NY - Difficulty Level: Both newly admitted and experienced attorneys

Description

In this panel from the annual ""Incident Response Forum Ransomware"" event, cybersecurity law experts discuss ransomware attacks and personal liability issues. The panel stresses the importance of involving legal counsel early on to mitigate risks. CISOs may face individual liability for data security incidents, requiring understanding and protection. Collaboration between legal counsel, CISOs, and executives during ransomware attacks is crucial to avoid blame and manage incidents effectively. Executives must be actively involved in decision-making, understand legal liability, and learn from past cases like Uber and SolarWinds. The SEC's case against SolarWinds raise questions about preventing state-sponsored attacks and individual accountability. Cybersecurity professionals face liability risks due to communication pitfalls and resource constraints. Cooperation with law enforcement is encouraged. CISOs must focus on timely reporting, stakeholder involvement, and clear communication to protect against personal liability during ransomware incidents, emphasizing that cybersecurity is a collective responsibility.

Provided By

Card image cap Securities Docket
Card image cap

Panelists

Card image cap

Edward R. McNicholas

Partner
Ropes & Gray

Edward R. McNicholas is a co-leader of Ropes & Gray privacy & cybersecurity practice. He represents technologically sophisticated clients facing complex data, privacy, and cybersecurity issues in litigation, investigative, and counseling matters. His clients include financial institutions, technology companies, insurance companies, branded pharma companies, healthcare providers, and e-commerce and other retailers. Ed has significant experience with investigations and class action litigation related to cybersecurity incidents, as well as enforcement actions by the FTC, state Attorneys General, the SEC, OCR, Data Protection Authorities outside of the U.S., and other government agencies. He leads internal investigation and litigation matters that frequently involve complex, multi-jurisdictional, and multi-national litigation issues, particularly federal court jurisdictional and constitutional concerns related to the First and Fourth Amendments. Ed has experience dealing with Internet and information law matters involving data breaches, ransomware, online brand protection, trade secrets, social media, e-commerce, and national security issues. Ed also advises clients on the full range of federal, state and foreign privacy and data security requirements including in the areas of financial privacy, health care privacy, communications privacy, ad-tech, cybersecurity, and national security. Ed’s counseling practice also includes other areas of technology law, such as electronic surveillance, cloud computing, the Internet of Things, trade secrets, online advertising, social media and big data/data science. He frequently helps companies design global data governance programs to allow for efficient data transfers across corporate entities governed by multiple privacy regimes, such as US privacy laws, including the Gramm Leach Bliley Act, HIPAA, and the California Consumer Privacy Act (CCPA), as well as the EU’s General Data Protection Regulation (GDPR) and the various privacy and cybersecurity regimes in China and across Asia. Ed previously served as an Associate Counsel to President Clinton. In that capacity, he advised senior White House staff regarding various Independent Counsel, congressional and grand jury investigations. Ed has developed unique experience representing clients in the midst of media-driven legal challenges. His crisis management skills are particularly useful in coordinating the swirl of complex litigation, congressional hearings, and federal and state investigations that can follow from major privacy and cybersecurity incidents. Ed is a frequent commentator on privacy, data security, and information law issues and has written extensively on various information law and civil liberties topics for a variety of publications. He is the lead editor of the PLI treatise, Cybersecurity: A Practical Guide to the Law of Cyber Risk.

Card image cap

Timothy Howard

Partner
Freshfields Bruckhaus Deringer

Tim Howard is a partner in the New York office, where his practice focuses on white collar and government regulatory investigations, with special attention to cybersecurity, data breaches, and cryptocurrency. Tim is an accomplished trial lawyer and investigator, having managed significant white-collar cases across a wide range of disciplines, including securities and investment fraud, tax fraud, Foreign Corrupt Practices Act (FCPA) violations, cyber intrusions, health care fraud, consumer fraud, and government contracting fraud. At Freshfields, Tim has advised a variety of clients on complex cross-border data breach incidents including managing incident response, forensic investigation and engagement with US and international regulators, DOJ and SEC white collar investigations, and advising companies on artificial intelligence, ephemeral messaging, cyber governance, and other data security risks.
Tim joined Freshfields from the United States Attorney’s Office for the Southern District of New York, where he spent nearly 12 years in varied roles, most recently as Chief of the Complex Frauds and Cybercrime Unit. At SDNY, Tim tried and supervised 17 trials to verdict. Tim also spent a year on detail to the Department of Justice's National Security Division, where he served as National Coordinator for the National Security Cyber Specialist Network, through which he coordinated the national program of investigations into nation state-sponsored cyberattacks across all 94 U.S. Attorney's Offices.

Card image cap

John Carlin

Partner
Paul Weiss

John P. Carlin is co-head of Paul Weiss’s Cybersecurity & Data Protection practice and a deeply accomplished litigator who advises industry-leading organizations on matters involving privacy and cybersecurity, crisis management, Committee on Foreign Investment in the United States (CFIUS), sanctions and export control, white collar defense and internal investigations. He has served as a top-level official in both Republican and Democratic administrations, including as the Acting Deputy Attorney General of the United States, as the top national security official for the U.S. Department of Justice, as the Chief of Staff of the FBI and as an experienced Assistant United States Attorney. Mr. Carlin has been featured or cited as a leading authority on cyber and economic espionage matters by numerous major media outlets, including The New York Times, The Washington Post, The Wall Street Journal, The Los Angeles Times, USA Today, CBS’s 60 Minutes, NBC’s Meet the Press, PBS’s Newshour, ABC’s Nightline and Good Morning America, NPR, CNN and Vanity Fair, among others.
Appointed Acting Deputy Attorney General and then Principal Associate Deputy Attorney General to Deputy Attorney General Lisa Monaco (January 2021-July 2022), John occupied “one of the most powerful and under-the-radar posts in the Justice Department,” according to The New York Times, advising on major prosecutions, such as the January 6 investigation, and other top DOJ priorities, including FBI oversight, cryptocurrency theft and investigations of actors known to have helped Russia evade sanctions. He also played a pivotal role in instituting the DOJ’s current approach to cybersecurity, national security and corporate criminal enforcement.

Card image cap

Jennifer Beckage

Partner
The Beckage Firm

Jennifer A. Beckage, Esq., CIPP/US, CIPP/E is a former tech business owner, former public company executive over tech products, recognized for the last six years as one of the Top 50 Data Breach Lawyers in the US, a Best Lawyer in America?, multiple year recipient of SuperLawyer? designation for technology and litigation, and counsel to some of the globe’s largest organizations, brands, not-for-profits, celebrities, high-net-worth individuals, and Fortune 100 companies. As noted in a recent feature on her in SuperLawyers, Beckage's career trajectory is a testament to reinvention and innovation, which she leverages to help her clients also reinvent and innovate within their own organizations. Law firm founder Beckage focuses her law practice on innovation and technology, with a recognized focus on data security and privacy and incident response. Throughout her legal career, she has responded to numerous headline-making, national and international cybersecurity incidents and counseled organizations of all sizes. Beckage is a frequent contributor to the global conversation surrounding crisis response, speaking at several legal and cybersecurity industry events. She also is interviewed by global media on topics related to technology, crisis response, and data security. Beckage is a Certified Information Privacy Professional, United States (CIPP/US) and Certified Information Privacy Professional, Europe (CIPP/E). She also received MIT "Artificial Intelligence: Implications for Business Strategy" Certification in 2020. Prior to her legal career, Beckage owned and led technology companies, one of which she helped lead to the sale to a publicly traded company. That telecommunications company retained her as an executive overseeing cutting-edge technical products and services and operations.

Card image cap

David Aaron

Senior Counsel
Perkins Coie

David Aaron is a former federal prosecutor with the U.S. Department of Justice (DOJ), National Security Division and a former Manhattan Assistant District Attorney. His experience includes investigating and litigating cases involving Espionage Act violations, malicious cyber activity such as data breaches and destructive attacks, economic espionage, insider threats, undisclosed foreign government influence, and export control violations.
In addition to the Espionage Act and Economic Espionage Act, David possesses deep knowledge of the Computer Fraud and Abuse Act (CFAA), Electronic Communication Privacy Act (ECPA), and related data security and privacy authorities including the Foreign Intelligence Surveillance Act (FISA). David has substantial experience working with the Federal Bureau of Investigation (FBI), the U.S. Department of Defense (DoD), and the U.S. Intelligence Community.
While serving as a national security attorney, David advised senior leadership on security threats and developed and implemented data privacy compliance programs.
Among other distinctions, David was the recipient of multiple Assistant Attorney General’s Awards and two Attorney General’s Awards for Distinguished Service. He holds a Certified Information Privacy Professional/United States (CIPP/US) certification, was a fellow in Advanced Cyber Studies at the Center for Strategic and International Studies and in the Center for Biosecurity’s Emerging Leaders in Biosecurity Initiative, and earned a master’s degree in cybersecurity from Brown University, where he received the Master’s Award for Professional Excellence.


Card image cap

Similar Courses

Card image cap
64 minutes
"I Am Not a Cat" Proceedings in a Virtual World
Besides becoming a pop-culture catchphrase, how has the shift to a virtual environment impacted proceedings over the last year, and what changes do you believe are here to stay? Our panel of experts will examine some of the greatest challenges, faux pas, and successes in virtual proceedings over the course of this transformative time.

Women, Influence & Power in Law Conference

$65

Add to Cart
Card image cap
63 minutes
2021: The Year of the ELM
Panelists will clarify what constitutes an ELM platform, examine its unique and compelling capabilities, and discuss its strategic and tactical advantages, particularly those stemming from data-driven insights and machine-driven decision making. Attendees will gain a clear understanding of the significance of the emergence of ELM solutions, what firms and law departments can achieve with ELM platform, and practical and ethical considerations related to adopting an ELM solution.

Legalweek

$65

Add to Cart
Card image cap
118 minutes
A Comprehensive Guide on Non-Fungible Tokens (NFTs): Managing Potentials and Perils
In this program, a panel of thought leaders and practitioners assembled by The Knowledge Group will discuss the recent trends and significant challenges surrounding NFTs and the associated legal landscape, including helpful insights to avoid potential risks.">In this program, a panel of thought leaders and practitioners assembled by The Knowledge Group will discuss the recent trends and significant challenges surrounding NFTs and the associated legal landscape, including helpful insights to avoid potential risks.

The Knowledge Group

$165

Add to Cart
Card image cap
85 minutes
A Practical Guide in Drafting Data Privacy and Security Agreements: Mitigating Data Security Breach Risks
Listen as experienced data security attorneys Kenneth Dort (Faegre Drinker Biddle & Reath LLP) and Melissa Krasnow (VLP Law Group LLP) provide a comprehensive discussion of the latest trends, developments, and critical issues surrounding data privacy and security agreements. They will, among other things, offer practical tips and strategies for drafting these provisions in light of recent developments and the current legal landscape.

The Knowledge Group

$115

Add to Cart
Previous Next