Presented By
When it happens,
will you be ready?
How to excel in
handling your next
cyber incident
Dan Michaluk
March 2, 2020
Not just any Saturday
You had just sat down with a real page turner when you got the call. Campbell
from IT went into the office after receiving a couple of calls from staff who were not
able to access e-mail or files from the file share.
Campbell says that the e-mail server, file server and a number of other key
servers are inaccessible. All he can see is a text file that contains a cryptic note
about e-mailing a protonmail address to get access to the data.
Campbell asks you what to do.
What do you do:
A. Tell Campbell to send an e-mail to the address and ask what needs to be
done to restore access.
B. Tell Campbell to do what he can to contain the incident, call the privacy
commissioner to report a cyber attack and take their advice.
C. Tell Campbell to do what he can to contain the incident and call the Board
chair to give them a heads up that there’s been an attack.
D. Tell Campbell to do what he can to contain the incident and call your insurer
for a referral to expert help.
Agenda
o Events, incidents and “breaches”
o The incident response process
o Incident response tips
o The incident response plan
Events, incidents and
“breaches”
o A security event is a possible problem that
should be assessed
o A security incident is a confirmed problem
that needs to be managed through the
incident response process
• Cyber attack
• A misconfiguration
• An errant communication
o A “breach” is a legal concept that relates to
unauthorized access to information or loss,
theft…
Learn and use this helpful nomenclature
The incident response
process
o Quickly re-establish baseline data security
• Confidentiality (stop leakage and exposure)
• Integrity (get bad actors out)
• Availability (restore services)
o To appropriately manage the legal risks of
the incident, especially those arising out of
data exposure
o To foster learning and security program
improvement
The objects
o Stop the incident from getting worse
o May involve
• Disconnecting from the internet
• Fixing a misconfiguration
• Changing a password to a compromised
account
o Steps are taken immediately with available
resources
o Should not entail overwriting data to restore
services, which can cause loss of evidence
Step 1a – Contain (first few hours)
o Don’t
• Call the police
• Call the privacy commissioner
• Call the board chair
o Do
• Consult a lawyer
• Who will retain one or more experts to help
Step 1b – Get help (first few hours)
o In a malware event this can become difficult
quickly without expert guidance, with
evidence being destroyed and more
information being stolen
o Can involve
• Negotiating a ransom payment and the
retrieval of decryption keys
• Restoration coaching by expert
• Installation of endpoint monitoring software
tools to watch for signs of persistence
Step 2 – Restore and secure (days two to four)
o Starts with the gathering of digital evidence
o Evidence is analyzed to answer two key
questions:
• How did this happen?
• What data was exposed and how?
o Not a search for things you want to find, but
there will often be a duty to conduct a duly
diligent investigation
o If the expert determines there has been no
exposure, you will rest heavily on that
conclusion in taking no further action
Step 3a – Investigate (days four to…)
o Mitigate all the harms and potential harms arising
out of the incident, including reputational harms and
harms to people
o We do this primarily by communication
• Media releases
• Notification to affected individuals
• Credit monitoring offerings
• Reporting to law enforcement or sharing threat
information
o Keys to success
• Timing – How fast is your “clock speed”?
• Accuracy – Don’t misrepresent or take risks on making
affirmative statements when you don’t know.
Step 3b – Mitigate (days four to…)
o Investigation is complete
o Mitigation steps taken
o Final remedial plan developed with an
implementation plan
• Take the “how” from the investigation report…
• …and apply the “5 whys”
• Develop a meaningful list of changes to
address the root and next level causes
o Assess your incident response process too!
Step 4 – Learn and move on
Incident response tips
o Use a small cross-functional team with the
necessary experts that keeps the matter
confidential
o All communications outside the zone of
confidence are approved
o If a lawyer leads, communications to/from the
lawyer will be privileged
• Lawyer instructs experts for well-defined
purpose that links to privilege
• Substantive issues all brought to the lawyer for
consideration
• Communications between team members who
are not lawyers are limited to what is factual and
administrative
Internal communication and privilege
o Don’t say “we value your privacy.” Show it.
o Consider apologizing, but not profusely
o Convey the facts that will be meaningful to
those affected
• What was exposed
• For how long
• To whom
o Include a list of meaningful remedial measures
o Beware of legal requirements for what must go
in a notification letter
Notifying and communicating
o Notification is generally based on exposure of
personal information, not a security incident alone
• Though an incident alone may lead you to engage in
the sharing of threat information
o There may be a statutory duty to notify (and report)
o Or there may be another reason to notify
• There’s a real potential for significant harm
• The incident is known
• The incident is likely to become known
o Many organizations notify reactively, too quickly and
without good reason
When to notify
The incident response
plan
o An “IRP” applies to all forms of security
incidents
o It is premised on the idea that incidents will
occur and can be anticipated
o It structures the response to save time and
support optimal decision-making
• Identifies the key processes and decisions
• Puts information at hand
• Provides decision-making authority
Your response process should be embedded in a PLAN
o Frame out the process
o Identify responsibilities
o Append
• Contact information for 24/7 contact
• Pre-retained experts
• Playbooks for certain expected scenarios
o Create playbooks by running scenario
based exercises
What to put in the plan
Questions?
For more information, contact:
The information contained herein is of a general nature and is not intended to constitute legal advice, a complete statement of the law, or an opinion on
any subject. No one should act upon it or refrain from acting without a thorough examination of the law after the facts of a specific situation are considered.
You are urged to consult your legal adviser in cases of specific questions or concerns. BLG does not warrant or guarantee the accuracy, currency or
completeness of this presentation. No part of this presentation may be reproduced without prior written permission of Borden Ladner Gervais LLP.
© 2020 Borden Ladner Gervais LLP. Borden Ladner Gervais is an Ontario Limited Liability Partnership.
Thank You
Dan Michaluk
Partner
416.367.6097
dmichaluk@blg.com

 
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
 
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptxpnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
 
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptx
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
 
一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdf
 
Russian Call Girls Rohini Sector 6 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 6 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...Russian Call Girls Rohini Sector 6 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 6 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
 
THE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx   labourTHE FACTORIES ACT,1948 (2).pptx   labour
THE FACTORIES ACT,1948 (2).pptx labour
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction Fails
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptx
 
Chp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptChp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .ppt
 
一比一原版旧金山州立大学毕业证学位证书
 一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
 
PowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptxPowerPoint - Legal Citation Form 1 - Case Law.pptx
PowerPoint - Legal Citation Form 1 - Case Law.pptx
 
The doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteThe doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statute
 
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptxMunicipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
 
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
 
Essentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmmEssentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmm
 

How to excel in handling your next cyber incident

  • 1. Presented By When it happens, will you be ready? How to excel in handling your next cyber incident Dan Michaluk March 2, 2020
  • 2. Not just any Saturday 2 You had just sat down with a real page turner when you got the call. Campbell from IT went into the office after receiving a couple calls from staff who were not able to access e-mail or files from the file share. Campbell says that the e-mail server, file server and a number of other key servers are inaccessible. All he can see is a text file that contains a cryptic note about e-mailing a protonmail address to get access to the data. Campbell asks you what to do.
  • 3. Not just any Saturday 3 What do you do: A. Tell Campbell to send an e-mail to the address and ask what needs to be done to restore access. B. Tell Campbell to do what he can to contain the incident, call the privacy commissioner to report a cyber attack and take their advice. C. Tell Campbell to do what he can to contain the incident and call the Board chair to give them a heads up that there’s been an attack. D. Tell Campbell to do what he can to contain the incident and call your insurer for a referral to expert help.
  • 4. Agenda o Events, incidents and “breaches” o The incident response process o Incident response tips o The incident response plan How to excel in handling your next cyber incident 4
  • 6. o A security event is a possible problem that should be assessed o A security incident is a confirmed problem that needs to be managed through the incident response process • Cyber attack • A misconfiguration • An errant communication o A “breach” is a legal concept that relates to unauthorized access to information or loss, theft… Learn and use this helpful nomenclature Events, incidents and “breaches” 6
  • 8. o Quickly re-establish baseline data security • Confidentiality (stop leakage and exposure) • Integrity (get bad actors out) • Availability (restore services) o To appropriately manage the legal risks of the incident, especially those arising out of data exposure o To foster learning and security program improvement The objects The incident response process 8
  • 9. o Stop the incident from getting worse o May involve • Disconnecting from the internet • Fixing a misconfiguration • Changing a password to a compromised account o Steps are taken immediately with available resources o Should not entail overwriting data to restore services, which can cause loss of evidence Step 1a – Contain (first few hours) The incident response process 9
  • 10. o Don’t • Call the police • Call the privacy commissioner • Call the board chair o Do • Consult a lawyer • Who will retain one or more experts to help Step 1b – Get help (first few hours) The incident response process 10
  • 11. o In a malware event this can become difficult quickly without expert guidance, with evidence being destroyed and more information being stolen o Can involve • Negotiating a ransom payment and the retrieval of decryption keys • Restoration coaching by an expert • Installation of endpoint monitoring software tools to watch for signs of persistence Step 2 – Restore and secure (days two to four) The incident response process 11
  • 12. o Starts with the gathering of digital evidence o Evidence is analyzed to answer two key questions: • How did this happen? • What data was exposed and how? o Not a search for things you want to find, but there will often be a duty to conduct a duly diligent investigation o If the expert determines there has been no exposure, you will rest heavily on that conclusion in taking no further action Step 3a – Investigate (days four to…) The incident response process 12
  • 13. o Mitigate all the harms and potential harms arising out of the incident, including reputational harms and harms to people o We do this primarily by communication • Media releases • Notification to affected individuals • Credit monitoring offerings • Reporting to law enforcement or sharing threat information o Keys to success • Timing – How fast is your “clock speed”? • Accuracy – Don’t misrepresent or take risks on making affirmative statements when you don’t know. Step 3b – Mitigate (days four to…) The incident response process 13
  • 14. o Investigation is complete o Mitigation steps taken o Final remedial plan developed with an implementation plan • Take the “how” from the investigation report… • …and apply the “5 whys” • Develop a meaningful list of changes to address the root and next level causes o Assess your incident response process too! Step 4 – Learn and move on The incident response process 14
  • 16. o Use a small cross-functional team with the necessary experts that keeps the matter confidential o All communications outside the zone of confidence are approved o If a lawyer leads, communications to/from the lawyer will be privileged • Lawyer instructs experts for well-defined purpose that links to privilege • Substantive issues all brought to the lawyer for consideration • Communications between team members who are not lawyers are limited to what is factual and administrative Internal communication and privilege Incident response tips 16
  • 17. o Don’t say “we value your privacy.” Show it. o Consider apologizing, but not profusely o Convey the facts that will be meaningful to those affected • What was exposed • For how long • To whom o Include a list of meaningful remedial measures o Beware of legal requirements for what must go in a notification letter Notifying and communicating Incident response tips 17
  • 18. o Notification is generally based on exposure of personal information, not a security incident alone • Though an incident alone may lead you to engage in the sharing of threat information o There may be a statutory duty to notify (and report) o Or there may be another reason to notify • There’s a real potential for significant harm • The incident is known • The incident is likely to become known o Many organizations notify reactively, too quickly and without good reason When to notify Incident response tips 18
  • 20. o An “IRP” applies to all forms of security incidents o It is premised on the idea that incidents will occur and can be anticipated o It structures the response to save time and support optimal decision-making • Identifies the key processes and decisions • Puts information at hand • Provides decision-making authority Your response process should be embedded in a PLAN The incident response plan 20
  • 21. o Frame out the process o Identify responsibilities o Append • Contact information for 24/7 contact • Pre-retained experts • Playbooks for certain expected scenarios o Create playbooks by running scenario based exercises What to put in the plan The incident response plan 21
  • 23. For more information, contact: The information contained herein is of a general nature and is not intended to constitute legal advice, a complete statement of the law, or an opinion on any subject. No one should act upon it or refrain from acting without a thorough examination of the law after the facts of a specific situation are considered. You are urged to consult your legal adviser in cases of specific questions or concerns. BLG does not warrant or guarantee the accuracy, currency or completeness of this presentation. No part of this presentation may be reproduced without prior written permission of Borden Ladner Gervais LLP. © 2020 Borden Ladner Gervais LLP. Borden Ladner Gervais is an Ontario Limited Liability Partnership. Thank You Dan Michaluk Partner 416.367.6097 dmichaluk@blg.com

Editor's Notes

  1. Dan Michaluk Privacy and data security lawyer at BLG Cyber incident response … Important topic now Not if but when Readiness is important … Not going to make you an IR expert here Objectives -know what to do right away -encourage you to get ready and get help when you need it -encourage you to learn more
  2. Start with a scenario
  3. We’ll address the answer in a moment
  4. Here’s the agenda I’ve left some cushion for questions so feel free to ask I’ll watch the timing as we go
  5. Topic 1 of 4
  6. I think language matters And clients struggle with it All security problems first present as some vague sign of trouble I don’t think I sent that e-mail Why don’t I have access to this service Some will call it a breach at that point…. Others will be smart enough to call it a potential breach There is some helpful language endorsed by the National Institute of Science and Technology Event – many, many events Incident – these are what get escalated and formally managed NIST doesn’t use the term “breach” Developed into a legal term used in Canadian privacy law Much narrower, typically can’t be discovered without significant investigation Unauthorized access to personal information Loss or theft of personal information
  7. Part 2 of 4 Walk you through the incident response process This is my own …. -you’ll see different models -NIST model -Also SANS Incident -Those models start with preparation -I’m going to jump right on -My interpretation of the process -It’s similar and valid
  8. Three facets of data security – or attributes of secure data Get it back to “situation normal” … Then clean up the mess … Then reflect and learn Four steps -contain and get help -restore and secure -investigate and mitigate -learn and move on
  9. STEP 1 – CONTAIN AND GET HELP -broken into a and b because they can happen simultaneously -both should happen in the first few hours … -contain… IT issue -most IT teams will have enough knowledge to contain
  10. MOST PEOPLE WILL CALL TO GET HELP -don’t know who to call -pitch to call a lawyer experienced in cyber response -or your insurer, who will certainly connect you with a lawyer experienced in cyber response -will slow you down and stop you from doing things you can’t undo -delete evidence that you may need -talk to third-parties too before you know what to say -talk to third-parties and say things that are damaging -report to the privacy commissioner is not privileged… can never take it back -now I’m working with that as the starting point
  11. -incident response experts do 100s of these every quarter -versus your IT staff WRONG WAY -people who don’t get help tend to stall out here -it’s hard to do network restoration – malware is “polymorphic” and persistent -two risks….. -destroying evidence -failing to secure the network RIGHT WAY -secure and restore network under watchful eye of an expert -benefits = safe & speedy -special options -paying ransom -installation of endpoint monitoring
  12. -gather digital evidence at the same time as securing the network -log data -some full forensic images of devices Two questions -not so much why… why comes at end -forensics should give you the mechanics of the intrusion -and hopefully what data was exposed and how
  13. My own view – meet those objectives with the minimal amount of text
  14. Use the process in this slide deck and add a little meat to the bones Contain and seek help -who’s responsible for it -and what if that person isn’t available -what can they do without seeking approval -what shouldn’t they do without seeking approval -who to call – at what number