Learnings from the 2017 Incident Response Forum

The highlights of the sessions are an interpretation by InfoArmor and not necessarily those of any government agencies or representatives.

The second annual Incident Response Forum (the only forum of its kind) held true to form, providing informative and interactive panel discussions without death by PowerPoint. It proved thought-provoking, with open and lively conversations.

Counsel as Quarterback

Speakers: David Fontaine, Luke Dembosky, Matthew Fitzsimmons, Kimberly Peretti and Ronald Yearwood

Synopsis: Kimberly stressed the importance of legal being involved from the onset of investigations, before a matter has been validated as an official issue. She and the group went on to cite examples of information security teams exhausting investigations, sans counsel, without understanding the potential legal ramifications. Also discussed was the need for Incident Response Plans to address how the organization will engage law enforcement for various cyber issues. Ronald Yearwood, with the FBI, shared the organization’s desire to be viewed as a partner to victim companies. Overall, there was strong group sentiment that the culture should be open and that IT should have confidence that an alert to legal is welcome and won’t result in job loss come Monday morning.

Managing Financial Firm Data Breaches

Speakers: Philip Khinda, Stephanie Avakian, Bradley Bennett, Justin Root

Synopsis: The SEC wants to ensure fair, full and accurate disclosure of events to all stakeholders. It’s imperative to understand your specific statutes and to recognize that suffering a malware event does not necessarily mean you have a data breach, but you should notify the SEC and partner with them throughout the process. M&A firms are becoming more of a target as the possibility exists to harness data to exploit the market. It was also noted that individual liability of executives will be a big discussion in the coming year.

Managing Retail Data Breaches

Speakers: Bret Padres, Paul Luehr, Maneesha Mithal and Doug Meal

Synopsis: Retailers need to review their agreements with card processors to better understand their potential liability. The FTC has shown that its desire is not to bring action in matters where the affected party showed good will and met requirements, but rather in matters where policies and procedures are not followed. There was a substantial discussion of the potential conflict of interest under PCI (Payment Card Industry) standards, where an organization suffering an event is required to engage a PFI (PCI Forensic Investigator) who reports their findings to the council. The MasterCard edict under which the PFI is no longer allowed to share, or report, their findings to the organization suffering the event and paying the bill is going to cause issues, as some reports don’t contain all necessary evidence. Mr. Meal also shared that his clients are eminently innocent of any wrongdoing.

Healthcare Data Breaches

Speakers: Edward McNicolas, Ted Kobus, Darren Lacey and Erik Rassmussen

Synopsis: Each of the participants shared their perspective on healthcare organizations being a prime target due to the massive amount of data aggregation and the multitude of egress points for data. CISOs have shared that they are more concerned today with hackers than with regulators. The OCR (Office for Civil Rights) is increasing its relentless drive to push hard on investigations, penalties and fines. Mr. Kobus noted a change in what hackers are searching for, as he has seen an increase in the value of identity information based on the type of data stolen to be sold.

Breaches Across Borders

Speakers: David Fagan, Nicholas Oldham, Liisa Thomas, David Lashway and Stephen Reynolds

Synopsis: External counsel was touted as a must-have when dealing with events across borders, as the complexity extends well beyond reading the statutes to understanding the nuances of how to manage notice. Noteworthy was a conversation about calibrating the risk of missing a notification deadline as opposed to notifying all regulators correctly and in unison. The Stored Communications Act needs congressional legislative clarity following the 2nd Circuit’s recent split decision. Liisa provided some insight into GDPR’s 72-hour notification statute, noting that it doesn’t need to be your biggest concern if your organization is working with law enforcement, and that doing so will often delay your ability to notify, with good reason.

National Security & Cyber Attacks

Speakers: Anthony Scaramucci, John Carlin, Major General Charles Dunlap, Susan Hennessey, Aaron Hughes and Ben Powell

Synopsis: The tone of the session was that Russia is our biggest national security risk, that state-sponsored hacking of the public and private sectors is on the rise as extortion is profitable, and that organizations should perform IP assessments to secure/encrypt data at rest. There is a substantial need for security standards for IoT devices. Most notable was the discussion of the fact that more than 100 countries have their own cyber warfare divisions, and that the insider threat is as great as that from careless employees. Culture is a continual risk that requires serious attention.

CISO Spotlight on Incident Response

Speakers: Benjamin Eason, Ken Davidson, Mark Lohman and Joe Segreti

Synopsis: The group stressed the imperative of preparedness and tabletop exercises. When working through an investigation, the group stressed the need to treat evidence collection as a full-time position, taken off the plate of the actual investigator to ensure data capture is complete. There was an additional discussion on the importance of including legal in the investigation, as well as ensuring your organization creates a relationship with local and federal law enforcement.

Data Breach Risk Management, Remediation Best Practices and Cyber Insurance Issues

Speakers: Scott Godes, Steve Bunnell, Tara McGraw Swaminatha and Luke Tenery

Synopsis: One of your first calls should include your broker/insurer. The best quote of the day, cited from Rahm Emanuel: “Never let a good crisis go to waste.” If your organization has suffered a minor event, it’s imperative to leverage the event to get everyone involved and prepared for the next one, because it’s likely to be bigger. Also discussed was the fact that bad actors often return for more, sometimes more than a year after their initial access to your systems. Training and tabletop exercises were discussed again, as was the importance of documentation. Scott shared how important it is for organizations to better understand how their current insurance policies will react or will not react to various types of cyber perils.


About InfoArmor, Inc.

InfoArmor provides industry-leading solutions for employee identity protection and advanced threat intelligence to help organizations protect their most valuable assets. We combine an unparalleled global research network with big data analysis, actionable intelligence and customized service to meet clients’ dynamic security needs. From employee to enterprise, InfoArmor is redefining how organizations fight fraud and combat an ever-changing cyber threat landscape to mitigate risk on multiple levels. Today, more than 800 businesses and government agencies, including 70+ of the Fortune 500, use PrivacyArmor, the industry-leading employee identity protection solution, or VigilanteATI, our award-winning advanced threat intelligence platform, to improve their data security posture. For more information, visit InfoArmor.com or follow on Twitter at @InfoArmor.







