3 Takeaways From NYSBA's 2019 Tech Summit
Hackers' Black Friday sales, the truth about smart speaker evidence, and how the phone is your best cybersecurity asset: Here's a wrap-up of the best insights from the first day of the New York State Bar Association 2019 Tech Summit.
September 20, 2019 at 11:07 AM
6 minute read
|
The first day of the New York State Bar Association 2019 Tech Summit included sessions on topics that spanned the gambit from the ways cybercriminals operate, simple solutions that firms can use to protect themselves from cyberthreats, and how to approach new forms of digital evidence.
While several sessions aimed to educate attorneys on today's tech and regulatory landscape, there were also many insights that would surprise even the most well-versed tech lawyer. Here are three highlights from the day one of the conference:
|High-Tech Threats, Low-Tech Solutions
From ransomware to deep fakes, cyberthreats are becoming more sophisticated and targeted. But speakers at the "Cybersecurity — Law Firm Hackers: Just Because You're Cyber-Paranoid, Doesn't Mean the Hackers Aren't Out to Get You!" session noted that protecting against these threats can be a simple, low-tech affair.
The solution comes down to relying more on manual authentication for digital communications. John Bandler, founder of the cybersecurity consulting firm Bandler Group, noted, "91% of all infections or cybercrime start with an email." And those emails are usually tied to things such as login credentials or wire transfers. "For anyone involved anywhere in the transfer of funds or the relaying of transfer instruction … you really need to know about that fraud," Bandler said.
Thankfully, confirming that an email or wire transfer is sent from, or goes to, the right party isn't a highly technical affair, but it does require some work. "Just the simple act of inconveniencing yourself to pick up the phone can solve an enormous amount of the problems" around wire transfer fraud and phishing scams, said Joseph DeMarco, a partner at DeVore & DeMarco.
|Cyberattacks Inc.
Cybercriminals attacking businesses around the country may know a few things about how their targets operate. And that's not just because they did their research. It's also because they have firsthand experience.
"They are … organized like a company and they operate like a business," said Deborah Snyder, New York state's chief information security officer, at the "Mega Trends and Cyber Predictions 2020 & Beyond — Perspective for Lawyers and Law Firms" session.
She noted that hackers who steal access credentials from targets are not always the ones exploiting that stolen information. "Generally speaking, what you'll see is the commoditization of access, so one group or one department within an organization will come after and phish your credentials. And they will sell them on the open dark market. … They even have Black Friday sales."
But it's not just stolen credentials that these cybercriminal businesses are selling. They're also offering hacking tool kits for which they provide ongoing support. "They're supporting phishing-as-a-service, malware-as-a-service, ransomware-as-a-service, [and] rent-a-bot [services] as though they were a product company supporting [its own software]," Snyder added.
The fact that cybercriminal businesses are able to build and maintain these types of businesses speaks to just how profitable, and successful, their attacks still are, and by extension how much more law firms and companies need to do to fully protect themselves.
"Even though [we are] shifting the dial in terms of awareness and the risk posed by cyberattacks … at the end of the day many people are still at the very low end of the maturity scale with regard to their [security] and understanding the impact on their reputation, products and bottom line," Snyder said.
|What Attorneys Need to Hear About Smart Speaker Data
A smart speaker that is potentially always listening can seem like a gold mine for those looking for concrete evidence for or against a claim. But legal professionals at the "Hey Siri, Hey Alexa … Is This Admissible?" panel noted that obtaining and using this evidence in court isn't always so clear-cut.
U.S. Magistrate Judge Lisa Margaret Smith from the U.S. District Court for the Southern District of New York noted that like other recordings, smart speaker content may be hard to decipher. "From my years as an assistant U.S. attorney, I reviewed hundreds, probably thousands, of surreptitious recordings that were made by informants in cases and I can assure you that … if there are other conversations around you, you can hear only a tiny bit of what is being said. If you want to use—affirmatively or defensively for your client—a conversation … you may have challenges in identifying what was being said and by whom."
While quality control can be an issue, some may take heart in the fact that the owner of a smart speaker devices may not always be able to fight against a requested search.
Shawndra Jones, senior counsel in the employment, labor and workforce management practice at Epstein Becker & Green, noted that in the 2018 New Hampshire v. Verrill case, a state court ruled that the defendant "didn't have standing to object to that motion to search." She explained, "This might have been [about] a request that this defendant made to Alexa, but the defendant didn't have standing because it was on Amazon's servers."
Still, going through tech companies to obtain smart speaker data is no walk in the park. Jones noted the tech companies that maintain such data can object to motions to search under privacy and First Amendment grounds, as Amazon did in the 2017 Arkansas v. Bates case.
Smith said such "privacy concerns are really fairly important to consider, and they are the kinds of arguments that are very attractive to judges, especially if you're talking about a third party whose voice may be on these recording devices."
Still, despite these privacy issues, Smith believes smart speaker data will be more prominent in courts in the years to come. "I think that starting to introduce this information in criminal cases is the tip of the iceberg, and using them in civil cases is going to be the norm not many years down the road," she said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250