Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, was a guest lecturer on this topic at Columbia University for the Executive Masters of Technology Management Program on November 21, 2020.
The document discusses network security and defines security as freedom from risk, danger, doubt or fear. It then discusses why security is needed to protect information and systems, who is vulnerable like banks and internet service providers, and common security attacks such as denial of service attacks, firewalls used as a countermeasure, and intrusion detection systems.
The Role of Contracts in Privacy, Cybersecurity, and Data Breach (Shawn Tuma)
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Texas Bar CLE's Making and Breaking Iron-Clad Contracts course in Austin, Texas on March 6, 2020.
Standardizing and Strengthening Security to Lower Costs (OpenDNS)
Your managed service includes anti-virus, an email filter and a firewall. So why do you still find yourself wasting resources on cleaning up and re-imaging infected customer endpoints? Learn how top MSPs are lowering costs, gaining efficiencies and fueling growth by leveraging cloud-delivered predictive security.
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour (Yasser Mohammed)
1) The document outlines five steps to take when an organization experiences a "Zero Hour", which is when sensitive data is at risk due to a security breach or hack. The five steps are: understand your data and where it is stored; evaluate and update data security policies; plan your data breach response; check cyber liability insurance coverage; and assess information security representations to clients.
2) It stresses the importance of understanding what sensitive data an organization has, where it is located, and having updated security policies. It also recommends planning an internal response team and external partners to contact in the event of a breach.
3) Organizations should also check what cybersecurity incidents their insurance policies cover and ensure security claims to clients
The document discusses ethical hacking training provided by Cetpa Infotech Pvt. Ltd. It explains the need for security as networks become more interconnected and vulnerable. It defines the difference between an ethical hacker and a regular hacker, with the former helping to improve security by finding weaknesses. The training covers topics like types of hackers, famous hackers, skills required, security elements, setting up an ethical hacking lab, understanding the victim, attack modes, hacking phases, system hacking techniques like password cracking and viruses, countermeasures, email hacking, phishing, keyloggers and tracing emails. It also lists Cetpa's office locations in Roorkee, Noida, Lucknow and Dehradun.
Making Threat Management More Manageable (IBM Security)
With significant breaches of personal and corporate data being announced on a near-regular cadence, there is even more value in understanding both how the dynamic attack chain really works, and what tools your organization can use to disrupt it. From break-in to exfiltration, follow along step-by-step to understand how easy it is for attackers to infiltrate your network and steal sensitive data. Learn what technologies you can use to combat these threats and contain the impact of a breach, and determine what protection strategy you should encompass to make threat management more manageable.
View the full on-demand webcast: http://securityintelligence.com/events/making-threat-management-manageable/#.VMvYyPMo6Mp
An Introduction to Information Security (Evan Francen)
A recent presentation given by FRSecure at the Action, Inc. Data Security Event on August 17th, 2011. This presentation was delivered by FRSecure president Evan Francen, CISSP, CISM, CCSK.
This document discusses advanced threat protection and FortiSandbox. It notes that prevention techniques sometimes fail, so detection and response tools are needed to reduce the time it takes to find, investigate, and remediate incidents. Sandboxing is introduced as an effective technique that runs suspicious objects in a contained virtual environment to analyze behavior and uncover threats. FortiSandbox is highlighted as a solution that integrates with FortiGate and other Fortinet products to provide detection, analysis, and sharing of threat intelligence across the network to improve security.
The document discusses CETPA's ethical hacking training. It covers why security is needed due to increased vulnerability from interconnected networks. It defines the difference between an ethical hacker and a regular hacker, with ethical hackers trying to find weaknesses to improve security versus hackers aiming to compromise systems. The document outlines the skills required to be an ethical hacker and discusses various hacking techniques like reconnaissance, scanning, exploitation and maintaining access. It also covers local and remote attacks as well as social engineering. Specific hacking methods like password cracking, viruses, Trojans and keyloggers are explained. The document provides information on setting up an ethical hacking lab and understanding the victim's systems and networks. It also discusses countermeasures to different attacks.
The document discusses an anatomy of a cyber attack and Cisco's cloud security solutions. It begins with an overview of the stages of a typical cyber attack from initial reconnaissance through wide-scale expansion. It then provides examples of Locky and Wannacry ransomware attacks and how Cisco Umbrella and Cloudlock can help prevent them. The document concludes by explaining how Cisco Umbrella provides secure internet access and Cisco Cloudlock provides visibility and control over cloud applications, users, accounts, and data.
The document discusses various common computer network attacks and exploits. It provides descriptions of denial of service attacks, distributed denial of service attacks, backdoors, spoofing, man-in-the-middle attacks, replay attacks, session hijacking, DNS poisoning, password guessing, software exploits, war dialing, war driving, buffer overflows, SYN floods, ICMP floods, UDP floods, smurfing, sniffing, ping of death attacks and more. It also discusses implementing network security through identifying assets, threats, risk assessment, security policies, technical implementation, auditing and continuous improvement.
Next Dimension and Cisco | Solutions for PIPEDA Compliance (Next Dimension Inc.)
Duwayne Watson, a Cisco specialist from Ingram Micro, showcases various Data Security and Protection solutions such as: AMP, Umbrella, and CloudLock. These solutions can help your business remain compliant with PIPEDA legislation.
David Bianco - Enterprise Security Monitoring (bsidesaugusta)
The document discusses enterprise security monitoring and intel-driven detection. It outlines the benefits of aggregating data across an organization to improve visibility and detection capabilities. It then describes how indicators can be used for attribution, detection, profiling, and prediction of threats. Various detection options are evaluated like Snort, HIPS, and MIR for their ability to detect scenarios in the kill chain using available indicators.
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ... (Shawn Tuma)
Shawn Tuma, a professional "breach guide" (aka, breach quarterback, coach, privacy counsel, etc), is an attorney who has practiced in cyber law since 1999. His day job as Co-Chair of Spencer Fane LLP's Data Privacy and Cybersecurity Practice is leading companies through the cyber incident response and recovery process. In this presentation, he provides a virtual tabletop exercise explaining the lifecycle of responding to a typical ransomware attack through a detailed timeline.
The audio for this presentation, in podcast form, is here: https://www.secureworldexpo.com/resources/podcast-ransomware-attack-lifecycle
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec... (Shawn Tuma)
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Dallas Baptist University Reimagine Technology Conference course in Dallas, Texas on November 18, 2020.
The Legal Case for Cyber Risk Management Programs and What They Should Include (Shawn Tuma)
Spencer Fane LLP Cybersecurity and Data Privacy attorney Shawn Tuma delivered "The Legal Case for Cyber Risk Management Programs and What They Should Include" at the Texas Society of Certified Public Accountants' TSCPA CPE 2018 CPE Expo Conference on November 30, 2018, in Addison, Texas.
The document outlines 10 actions to take in the event of a ransomware cyber attack, in the following order:
1. Contact your IT department to alert them of the ransomware message and disconnect the affected computer from the network to prevent spreading.
2. Document all decisions made and actions taken to help investigators understand what occurred.
3. Notify your incident response team and senior leadership to engage your response plan and specialists.
4. Contact your insurance broker for guidance on recovery and claims processes.
5. Call your privacy attorney for guidance on data breach notification compliance.
6. Engage IT forensics to investigate the attack and assess damage.
7. Communicate with affected individuals about the attack details
Diagnosis SOC-Atrophy: What To Do When Your SOC Is Sick (Priyanka Aash)
The document discusses diagnosing and treating a sick security operations center (SOC). It identifies common symptoms of a sick SOC including alert fatigue, high staff turnover, and long adversary dwell times. The document outlines steps to improve SOC maturity, such as eliminating alert fatigue through threat intelligence-led detection, implementing a living incident response plan, and continuous process improvement to reduce adversary dwell times. The goal is to evolve the SOC along a maturity curve to a healthy state characterized by intelligence-led approaches, continuous learning, and short dwell times.
Real World Cyber Risk. Understand it. Manage it. (Shawn Tuma)
Renaissance Executive Forums 2019 CEO Summit presentation by Shawn E. Tuma, Co-Chair, Data Privacy & Cybersecurity Group, Spencer Fane, LLP
March 7, 2019
Dallas, Texas
Aon Ransomware Response and Mitigation Strategies (CSNP)
The document provides an overview of Aon's ransomware response and mitigation strategies based on their experiences responding to ransomware incidents for clients. It discusses trends they have seen in ransomware attacks, including common infection vectors and techniques used by attackers. The document also outlines Aon's incident response process, including forensic data collection and analysis, containment activities, and eradication strategies. Finally, it proposes a proactive mitigation strategy developed by Aon that includes establishing network baselines, understanding existing security controls, and developing a security reference architecture.
2022 Rea & Associates' Cybersecurity Conference (Rea & Associates)
The speaker discusses changes to the Cybersecurity Maturity Model Certification (CMMC) program over the past year, including changes to the CMMC model, rules, and the organization administering the program. Voluntary assessments are now taking place and the CMMC ecosystem of assessors, trainers, and consultants is developing. Remaining challenges include high costs of compliance, legal consequences, reciprocity between government agencies, and issues with cloud computing. The speaker stresses the importance of ethics and offers that help is available for organizations navigating CMMC requirements.
Recover your files from Ransomware - Ransomware Incident Response by Tictac (TicTac Data Recovery)
In this presentation we explain how we can help you if you have been hit by ransomware. We can handle any ransomware family, and we can help you recover your files and continue with your business as fast as possible. We can also perform forensic investigations and protect your infrastructure from future incidents. https://tictaclabs.com https://tictac.gr
What We’ve Learned Building a Cyber Security Operation Center: du Case Study (Priyanka Aash)
The cybersecurity landscape is rapidly evolving, with new threats and threat actors emerging, and traditional security operations centers (SOCs) need to be augmented accordingly. This session will detail the journey of du in building and continually enhancing its SOC, physically and philosophically, to best deal with attack detection (offensively and defensively) and response.
(Source: RSA Conference USA 2017)
The document summarizes key statistics about data loss incidents in 2013, including that over 2,000 incidents exposed over 800 million records. It outlines the typical stages companies go through after an incident and laws requiring preparation and response. The document provides a self-assessment for companies and best practices around security, forensics, communications, and international considerations for responding to a data breach. It emphasizes that companies should plan for an incident as regulatory requirements and costs can be significant for unprepared organizations.
Using Data Analytics to Find and Deter Procure to Pay Fraud (FraudBusters)
FRN combines the high quality, authoritative anti-fraud and audit content from the leading providers, AuditNet ® LLC and White-Collar Crime 101 LLC/FraudAware.
The two entities designed FRN as the “go-to”, easy-to-use source of “how-to” fraud prevention, detection, audit and investigation templates, guidelines, policies, training programs (recorded no CPE and live with CPE) and articles from leading subject matter experts.
FRN is a continuously expanding and improving resource, offering auditors, fraud examiners, controllers, investigators and accountants a content-rich source of cutting-edge anti-fraud tools and techniques they will want to refer to again and again.
The document discusses software piracy, including how pirates obtain and distribute pirated software, the security methods used by software companies, and common targets of piracy. It notes that pirates try to crack security methods like disk identification and license activation in order to generate keys that allow unauthorized use of software. Pirates then make the cracked software available as torrent files online for others to download and copy illegally. The document also briefly outlines some legal punishments for software piracy.
COVID-19 free penetration tests by Pentest-Tools.com (Pentest-Tools.com)
We offered companies free penetration tests so they could improve their security and better cope with the emerging cyberattacks.
The report covers top security issues we found and experts' recommendations to avoid attacks that disrupt businesses.
Forensics Readiness in the Company, how to prepare the company for forensics tracking of data breach or computer incidents by reducing costs and increasing efficiency. Forensics Readiness is a framework for corporate protection in order to be able to act in court and with insurance companies to document and detail the "deft"
Cyberattacks have been on the rise over the past few years. Thus, the security of their business has become a significant issue for accountants.
Here is all that you should know about the popular cyberattack, Ransomware, to keep your accounting work safe.
Copy of The Ongoing Threat of Ransomware on Small to Medium-SiAlleneMcclendon878
The document appears to be a survey assessing impediments to ransomware prevention for small businesses. It contains questions about preventative measures adopted, preparedness, barriers to prevention, security event log checking, weaknesses in detection, and measures being considered to prevent future attacks. Respondents indicate adopting training, backups, filters and secure storage. Identified challenges include limited resources, outdated documentation and keeping up with evolving threats.
It is clear that information security technology has advanced much faster than
the number of people who are knowledgeable to apply it. It is even clearer that with these advancements come more difficulties in keeping networks secure from intruders, viruses and other threats.
CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After...Financial Poise
You’ve received the dreaded call that your company has just suffered a data breach – what do you do next? Who do you call for help? What notification obligations do you have?
With proper preparation, you can mitigate the damage caused by this unfortunate event and put your business in a position to recover. Your company may have already implemented its information security program and identified the responsible parties, including applicable outside experts, to be contacted in the event of a breach. However, now you must call up your incident response team to investigate the extent of the breach, evaluate the possible damage to your company, and determine whether you must notify your clients, customers, or the public of the breach. This webinar will help prepare you to take action when the worst happens.
Part of the webinar series:
CYBER SECURITY and DATA PRIVACY 2022
See more at https://www.financialpoise.com/webinars/
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
1. Spencer Fane LLP | spencerfane.com 1
Incident Response Planning
Shawn E. Tuma
Co-Chair, Data Privacy & Cybersecurity Practice
Spencer Fane LLP
Lifecycle of Responding to a Ransomware Attack
Technology and the Law
November 21, 2020
Columbia University Executive Master of Technology Management
2. Bricker Beverages – the dreaded call
You are CIO of Bricker Beverages.
It’s Friday night at 8:00 PM. You get a panicked call from one of your team leads, who has been receiving alerts that a large number of files are being corrupted.
What do you do?
3. Ransomware Timeline
Hour 1: Initial Discovery; Basic Intel; Activate IR Plan & IR Team; Triage Security + Backups; Do Not Wipe Drives; Start Preserving Evidence; Do Not Communicate with TA
4. The dreaded diagnosis
Your team’s investigation discloses alien file extensions that belong to a form of zero-day ransomware, so that publicly available encryption keys won’t decrypt the data.
Folks in your distribution network are calling – they can’t access the portals for placing orders.
What do you do?
5. Ransomware Timeline
Hour 1: Initial Discovery; Basic Intel; Activate IR Plan & IR Team; Triage Security + Backups; Do Not Wipe Drives; Start Preserving Evidence; Do Not Communicate with TA
< 12 Hours: Notify Insurance Carrier; Engage Security Experts; Engage Data Recovery Experts; Report to Law Enforcement; Notify Employees; Notify Key Business Partners; Begin Data Recovery + Restoration; Confirm Not Obvious “Breach”
6. The demand for payment
Your CFO receives an email explaining the ransom demand (which is in the amount of 2/3 of your insurance coverage and the size of one quarter’s revenues). The CFO is promised that upon receipt of payment, the decryption keys can be accessed via links provided in the email.
Law enforcement is not familiar with the reputation of the Threat Actor.
What do you do?
7. Ransomware Timeline
Hour 1: Initial Discovery; Basic Intel; Activate IR Plan & IR Team; Triage Security + Backups; Do Not Wipe Drives; Start Preserving Evidence; Do Not Communicate with TA
< 12 Hours: Notify Insurance Carrier; Engage Security Experts; Engage Data Recovery Experts; Report to Law Enforcement; Notify Employees; Notify Key Business Partners; Begin Data Recovery + Restoration; Confirm Not Obvious “Breach”
12 – 72+ Hours: Implement Interim Security; Negotiate with Threat Actor; OFAC Clearance; Carrier Approval for Payment; Begin Forensics; Plan for PR and Potential Notification
8. The payment
The insurer has approved payment of the negotiated ransom. The Threat Actor has demanded Bitcoin and your negotiator advises that the Threat Actor does not appear on the sanctions list. The negotiator arranges payment.
What do you need to anticipate?
What do you need to do?
9. Ransomware Timeline
Hour 1: Initial Discovery; Basic Intel; Activate IR Plan & IR Team; Triage Security + Backups; Do Not Wipe Drives; Start Preserving Evidence; Do Not Communicate with TA
< 12 Hours: Notify Insurance Carrier; Engage Security Experts; Engage Data Recovery Experts; Report to Law Enforcement; Notify Employees; Notify Key Business Partners; Begin Data Recovery + Restoration; Confirm Not Obvious “Breach”
12 – 72+ Hours: Implement Interim Security; Negotiate with Threat Actor; OFAC Clearance; Carrier Approval for Payment; Begin Forensics; Plan for PR and Potential Notification
+8 Hours: Confirm Proof of Life; Payment Transaction; Obtain Decryptor; Test Decryptor
10. The aftermath
Bricker Beverages’ Facebook account is active. The Threat Actor has posted an announcement that Bricker Beverages was ransomed and that its data is in the possession of the Threat Actor. Sophia and Diana Bricker are getting calls from the media. Consumers are contacting Bricker via Facebook Messenger, Instagram, and Bricker’s website, asking if their information has been leaked. Some demand that their data be deleted. Negative tweets are appearing on Twitter.
What do you need to do?
11. Ransomware Timeline
Hour 1: Initial Discovery; Basic Intel; Activate IR Plan & IR Team; Triage Security + Backups; Do Not Wipe Drives; Start Preserving Evidence; Do Not Communicate with TA
< 12 Hours: Notify Insurance Carrier; Engage Security Experts; Engage Data Recovery Experts; Report to Law Enforcement; Notify Employees; Notify Key Business Partners; Begin Data Recovery + Restoration; Confirm Not Obvious “Breach”
12 – 72+ Hours: Implement Interim Security; Negotiate with Threat Actor; OFAC Clearance; Carrier Approval for Payment; Begin Forensics; Plan for PR and Potential Notification
+8 Hours: Confirm Proof of Life; Payment Transaction; Obtain Decryptor; Test Decryptor
+12 – 72+ Hours: Begin Data Decryption Process; Follow-up with TA if Problems; Obtain Interim Signals from Forensics
12. The breach
The forensics team confirms that data has been exfiltrated. It has not been published by the Threat Actor.
What do you need to do?
13. Ransomware Timeline
Hour 1: Initial Discovery; Basic Intel; Activate IR Plan & IR Team; Triage Security + Backups; Do Not Wipe Drives; Start Preserving Evidence; Do Not Communicate with TA
< 12 Hours: Notify Insurance Carrier; Engage Security Experts; Engage Data Recovery Experts; Report to Law Enforcement; Notify Employees; Notify Key Business Partners; Begin Data Recovery + Restoration; Confirm Not Obvious “Breach”
12 – 72+ Hours: Implement Interim Security; Negotiate with Threat Actor; OFAC Clearance; Carrier Approval for Payment; Begin Forensics; Plan for PR and Potential Notification
+8 Hours: Confirm Proof of Life; Payment Transaction; Obtain Decryptor; Test Decryptor
+12 – 72+ Hours: Begin Data Decryption Process; Follow-up with TA if Problems; Obtain Interim Signals from Forensics
< 2 – 4+ Weeks: Restoration of Operations; After Action Review; Implement Additional Security; Complete Forensics & Obtain Report; Determine Incident or Breach; Notifications & Reporting if Breach
14. Can you relax?
Bricker’s network files have been decrypted and restored. Its systems are operational again.
What do you need to anticipate?
What do you need to do?
15. Ransomware Timeline
Hour 1: Initial Discovery; Basic Intel; Activate IR Plan & IR Team; Triage Security + Backups; Do Not Wipe Drives; Start Preserving Evidence; Do Not Communicate with TA
< 12 Hours: Notify Insurance Carrier; Engage Security Experts; Engage Data Recovery Experts; Report to Law Enforcement; Notify Employees; Notify Key Business Partners; Begin Data Recovery + Restoration; Confirm Not Obvious “Breach”
12 – 72+ Hours: Implement Interim Security; Negotiate with Threat Actor; OFAC Clearance; Carrier Approval for Payment; Begin Forensics; Plan for PR and Potential Notification
+8 Hours: Confirm Proof of Life; Payment Transaction; Obtain Decryptor; Test Decryptor
+12 – 72+ Hours: Begin Data Decryption Process; Follow-up with TA if Problems; Obtain Interim Signals from Forensics
< 2 – 4+ Weeks: Restoration of Operations; After Action Review; Implement Additional Security; Complete Forensics & Obtain Report; Determine Incident or Breach; Notifications & Reporting if Breach
1 – 48 + Months: Individual Notification Escalations; Business Partner Escalations; Regulatory Investigations; Litigation
16. Ransomware Lifecycle
Initial Discovery; Basic Intel + Activate IR Plan & Team; Triage Security + Backups; Security Experts; Data Recovery + Restoration; Forensic Examination; Incident or Breach?; After Action Review; Most Common Causes
19. Most Common Causes & Solutions
RDP Access
• This is random – scanning web for Internet facing RDP access
• Virtual Private Network (VPN) with Multifactor Authentication (MFA)
Phishing
• Email phishing tool
• Workforce training and simulated phishing
Unpatched / Outdated Software
• Install patches timely
• No unsupported software
Passwords
• Multifactor Authentication (MFA)
• Longer passphrases
Backups, Backups, Backups!
• 3-2-1 Backup Process
• Something comparable – you may end up with only your offline backup
20. Most Common Causes
Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
22. Company Size Distribution
Source: https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
23. Incident Response Considerations from a Breach Coach
As we sit here today:
1. Have you collectively brainstormed to think about your greatest cyber risks?
2. Do you have an Incident Response Plan (IRP)?
3. Do you know when to activate the IRP?
4. Does each member of the Security Incident Response Team (SIRT) understand his or her role and responsibility under the IRP?
5. Do you have redundancies for those roles and responsibilities?
6. Do you know who is the “head coach” and what if that person is unavailable?
7. Do you know what external parties are needed under the IRP?
8. Do you have easy access to all internal and external parties’ contact information, with redundancies, including personal cell numbers?
9. Do you have relationships already established with those third parties?
10. Do you have those third parties pre-approved under your cyber insurance policy?
11. Do you have your insurance policy, policy number, and claims contact information handy?
12. How will you access all of this information if your network is down?
13. Have you practiced a mock scenario to test your preparedness? What about if your “head coach” is unavailable?
14. Have you performed After Action Reviews (AAR) and revised your IRP for lessons learned?
24. Shawn Tuma
Co-Chair, Cybersecurity & Data Privacy
Spencer Fane LLP
972.324.0317
stuma@spencerfane.com
• 20+ Years of Cyber Law Experience
• Practitioner Editor, Bloomberg BNA – Texas Cybersecurity & Data Privacy Law
• Council Member, Southern Methodist University Cybersecurity Advisory
• Board of Advisors, North Texas Cyber Forensics Lab
• Policy Council, National Technology Security Coalition
• Board of Advisors, Cyber Future Foundation
• Cybersecurity & Data Privacy Law Trailblazers, National Law Journal (2016)
• SuperLawyers Top 100 Lawyers in Dallas (2016)
• SuperLawyers 2015-20
• Best Lawyers in Dallas 2014-20, D Magazine
• Chair-Elect, Computer & Technology Section, State Bar of Texas
• Privacy and Data Security Committee of the State Bar of Texas
• College of the State Bar of Texas
• Board of Directors, Collin County Bench Bar Conference
• Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association
• Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
• North Texas Crime Commission, Cybercrime Committee & Infragard (FBI)
• International Association of Privacy Professionals (IAPP)