Attention:
Card image cap

Ransomware Attacks - The SEC, NYDFS and Other Regulatory Trends


Level: Intermediate
Runtime: 45 minutes
Recorded Date: January 18, 2024
Click here to share this program
Printer-Friendly Version
Closed Caption

Agenda

        • Cyber Breach
                - SEC New Rules
                - NYDFS New Rules
        • Operational Resilience
        • Communication after a Cyber Breach
        • Reporting to the FBI
        • Defining Materiality
        • Advice for Firms
        • Complying with Risk Assessment
        • CISO Liability

For NY - Difficulty Level: Both newly admitted and experienced attorneys

Description

In this panel from the annual "Incident Response Forum Ransomware" event, cybersecurity law experts discuss how the rise of ransomware attacks has spurred regulatory bodies such as the SEC and NYDFS to intensify their scrutiny. This has in turn necessitated swift and transparent reporting of data breaches by corporations and organizations, and the need for stringent adherence to legal requirements.

Cybersecurity experts discuss sector-specific trends in industries such as finance, retail, and healthcare, underlining the imperative for compliance. The panel examines how legal professionals can play a pivotal role by conducting thorough risk assessments to establish privilege and mitigate regulatory risks effectively. Amidst evolving threats, clear and balanced communication is key for stakeholders, ensuring informed decision-making and maintaining trust in the face of cyber crises.

Provided By

Card image cap Securities Docket
Card image cap

Panelists

Card image cap

Sara Sendek

Managing Director
FTI Consulting

Sara Sendek is a Managing Director in the Cybersecurity & Data Privacy Communications practice and a cybersecurity communications expert with more than 15 years of experience in strategic communications and media relations.

Ms. Sendek provides communications counsel on cyber incident response and preparedness measures and has worked on some of the largest cyber incidents in recent years. She has experience navigating a variety of complex cyber incidents involving data theft and extortion, nation-state actors and advanced persistent threats (“APTs”), insider threats and more.

Ms. Sendek previously served as the director of public affairs for the Cybersecurity & Infrastructure Security Agency (“CISA”). In this role, Ms. Sendek oversaw CISA’s media relations operation, played a key role in the 2020 election security efforts, and was a lead in the federal government response efforts to the SolarWinds compromise.

Ms. Sendek also served as the former White House director of rapid response during the Bush Administration and, more recently, spent time on the Aspen Institute’s Commission on Information Disorder. She currently serves as a member of the United States Secret Service’s Cyber Investigations Advisory Board.

Card image cap

Erez Leibermann

Partner
Debevoise & Plimpoton LLP

Erez Liebermann is a litigation partner and a member of the firm’s Data Strategy & Security Group. His practice focuses on advising major businesses on a wide range of complex, high-impact cyber incident response matters and on data-related regulatory requirements.

With decades of experience in data issues as a litigator, federal prosecutor and senior in-house counsel at a global financial services company, combined with technical training as an aerospace engineer, Mr. Liebermann regularly advises clients at the C-suite and board level on building strategies to reduce their data-related regulatory and reputational risks, and on navigating high-profile investigations following cyber incidents. He is also widely acknowledged as a leading cybersecurity and data privacy professional and is ranked among the leading lawyers by Chambers Global (2024), Chambers USA (2023) and The Legal 500 (2023). Clients note that he is “very talented” and “one of the most intelligent attorneys, [and] very practical and great to work with.”

Prior to joining Debevoise, Mr. Liebermann co-chaired the U.S. cybersecurity and privacy practice of another international law firm where he advised companies on a broad range of data privacy and cybersecurity issues. Before that, Mr. Liebermann served as Chief Counsel of Cybersecurity & Privacy at Prudential, where he led the company’s legal, regulatory and investigative matters on cyber, privacy, data science and artificial intelligence, including advising the company’s senior management and board. In addition to his role as counsel, Mr. Liebermann built and managed Prudential’s global technical incident response, threat intelligence and threat hunting team.

Before that, Mr. Liebermann spent 10 years investigating and prosecuting global cyber and white-collar crimes as Deputy Chief of the Criminal Division of the U.S. Attorney’s Office for the District of New Jersey. He also served as Chief of the Computer Hacking and Intellectual Property Section, and National Security Cyber Specialist where he led groundbreaking cyber prosecutions, including the largest credit card hacking case charged to date, US v. Vladimir Drinkman et al., relating to hacks into 7-Eleven, JC Penney, Heartland Payment Systems, Hannaford Brothers, Visa, Jet Blue, and others. He also prosecuted a group of individuals for leading a stock pump and dump scheme facilitated by a global botnet. He received the Attorney General’s Distinguished Service Award for the Drinkman prosecution. His cases are featured in numerous television shows and the WSJ podcast, Hack Me If You Can.

In 2023, Mr. Liebermann was appointed by the Chief Justice of the New Jersey Supreme Court to serve on the Court’s AI Committee and is Vice Chair of the Association of Law Insurance Counsel’s Data and Technology Section. He is also on the Department of Treasury’s Cybersecurity Public Affairs Committee. He was formerly a member of the New York State Cybersecurity Advisory Board and was on the Cybersecurity and Policy Committees of the Financial Services Sector Coordinating Counsel. He is an Adjunct Professor at the University of Texas School of Law – Austin, teaching Cyber Incident Response, and a Fellow for the NYU Tandem’s Cybersecurity program.

Earlier in his career, Mr. Liebermann served as a law clerk to Chief Justice Deborah Portiz of the New Jersey Supreme Court and U.S. District Court Judge Faith Hochberg in Newark.

Mr. Liebermann received his J.D. from Columbia Law School in 1999 and his B.S. in aerospace engineering from the University of Virginia in 1996.

Card image cap

Eric Gyasi

Counsel
Baker & Hostetler LLP

Eric B. Gyasi provides proactive and strategic guidance to help clients address cybersecurity enterprise risk management, and he leads clients through the response to security incidents. Eric is uniquely qualified to help clients navigate the legal and business risk issues at the intersection of incident response and cybersecurity regulatory enforcement due to his legal acumen paired with his crisis communications and digital forensics background. A strategic thinker valued for his business-minded judgment, Eric advises boards of directors regarding the duty of oversight related to cybersecurity and the executive management team on compliance with complex regulatory requirements in a risk-informed manner.

Eric shepherds clients through cybersecurity incidents including network breaches, ransomware attacks, wire transfer fraud, business email compromises, financial crimes, corporate espionage and state-sponsored critical infrastructure intrusions. He leads and manages digital forensic investigations; develops and implements tailored cyber incident response strategies; prepares and drafts regulatory, government and shareholder disclosures; and crafts crisis communication strategies.

Eric is an active and engaged thought leader in the cybersecurity and data privacy industry. Designated as a Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals (IAPP), he is frequently called upon to present seminars and CLEs to industry groups on evolving cybersecurity issues and other key digital forensic issues. He is a member of the Sedona Conference and a contributing author to Working Group 11 – Data Security and Privacy Liability.

Card image cap

David Navetta, Esq.

Partner
Cooley LLP

David Navetta is a prominent leader in privacy, information security and technology law. He has extensive experience counseling clients on novel and cutting-edge data protection issues, including data breach response, cybersecurity risk management, consumer and employee privacy, incident response planning and preparedness, technology transactions, vendor management, board of director advice and consultation, regulatory investigations, litigation and due diligence in corporate transactions. David serves as a "breach coach" on an approved panel for numerous cyber insurance carriers and companies, and he has helped some of the world’s leading corporations to effectively respond to complex data security breaches and protect their enterprise. David’s clients range from startups to large Fortune 500 multinationals across a range of industries, including e-commerce, consumer products, name-brand traditional brick-and-mortar, hotels and hospitality, social media, technology, professional services, healthcare, financial institutions and energy.

David has served as a leader and integral member of a Chambers USA-ranked law firm he co-founded. He is known for his leadership and extensive experience in privacy and data protection law and is recognized by Chambers USA as a leading lawyer for privacy & data security from 2020 – 2023, by Legal 500 USA as a leading lawyer for international litigation and data protection & privacy from 2016 – 2020, as well as by WWL: Data in the area of Information Technology and Data Privacy & Protection. He is also a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals.

David’s diverse legal experiences over his career have provided him with a unique perspective and pragmatic approach to enterprise security, including serving as the former US co-chair of Norton Rose Fulbright’s data protection, privacy and cybersecurity practice group; his own entrepreneurial endeavor co-founding InfoLawGroup LLP; former assistant general counsel for AIG’s eBusiness Risk Solutions Group in New York for over three years; former co-chair of the American Bar Association's Information Security Committee and former chairman of the organization’s Contracting & Risk Management Working Group; and former co-chair of PCI’s Legal Risk and Liability Working Group.

David speaks and writes frequently concerning technology, privacy and data security legal issues, and is frequently cited as an expert in the press and otherwise.


Card image cap

Similar Courses

Card image cap
85 minutes
A Practical Guide in Drafting Data Privacy and Security Agreements: Mitigating Data Security Breach Risks
Listen as experienced data security attorneys Kenneth Dort (Faegre Drinker Biddle & Reath LLP) and Melissa Krasnow (VLP Law Group LLP) provide a comprehensive discussion of the latest trends, developments, and critical issues surrounding data privacy and security agreements. They will, among other things, offer practical tips and strategies for drafting these provisions in light of recent developments and the current legal landscape.

The Knowledge Group

$115

Add to Cart
Card image cap
49 minutes
A.I. and Cyber-Incident Response: The Latest Network Defenses, Monitoring and Countermeasures
AI is being increasingly used in cybersecurity, creating new challenges for incident responders, but also offering opportunities for quicker identification and security issue prevention. As such, it is crucial for CISOs to embrace AI for defense against bad actors while also considering the legal and security implications of its usage.

Securities Docket

$75

Add to Cart
Card image cap
58 minutes
Accounting Fraud & SEC Investigations: Recent Enforcement Initiatives and Compliance Issues
As the SEC’s enforcement activities continue to ramp up and the regulatory landscape remains uncertain, businesses must stay updated and be well-versed on any grounds that would result in potential liability risks. Join experienced regulatory and compliance practitioners as they provide a comprehensive discussion on the recent SEC enforcement actions and considerations for fostering an ethical culture and reducing compliance risks. Speakers, among other things, will also offer best practices and effective compliance strategies amidst the ever-changing legal landscape.

The Knowledge Group

$75

Add to Cart
Card image cap
61 minutes
Act Like a Lawyer, Think Like a Cyber Professional
Our expert panelists will cover topics such as legal and regulatory frameworks for cybersecurity, data protection laws, incident response planning, and risk management. Participants will leave with a better understanding of the legal and technical considerations involved in cybersecurity, enabling them to make informed decisions that protect their organizations from cyber threats.

Women, Influence & Power in Law Conference

$65

Add to Cart
Previous Next