Navigating Cybersecurity Contracts: Insights from Ken Rashbaum

Podcast: Play in new window | Download (Duration: 20:11 — 27.7MB)

Subscribe: RSS

Summary

In this episode of Chattinn Cyber, Marc Schein welcomes back Ken Rashbaum, a partner at Barton LLP and a professor at Fordham Law School. Ken, a well-respected privacy attorney, shares his journey from being a trial lawyer and prosecutor to becoming a leading figure in data protection and cybersecurity. He discusses how his early work in healthcare law, particularly with the introduction of HIPAA, paved the way for his focus on privacy and cybersecurity on a global scale.

Their chat shifts to the current landscape of data protection regulations in the U.S. Ken explains the fragmented nature of these laws, which primarily exist at the state level, with only limited federal regulations in healthcare and children’s information. He expresses skepticism about significant changes in federal regulation following the recent presidential election, highlighting the philosophical divide between the two major political parties regarding privacy legislation. Ken emphasizes that voters are increasingly concerned about the privacy and security of their personal information, which complicates the regulatory landscape.

Marc and Ken then delve into the importance of cybersecurity provisions in contracts, particularly for midsize businesses. Ken argues that simply stating compliance with applicable laws is insufficient due to the evolving nature of cybersecurity regulations. He advocates for more detailed cybersecurity requirements in contracts to provide clarity and certainty for all parties involved. Ken also addresses the challenges small and mid-sized businesses face when negotiating contracts with larger corporations, suggesting that they assess risks and consider mitigation strategies, such as implementing multi-factor authentication.

The discussion also touches on the implications of the General Data Protection Regulation (GDPR) for businesses that may not operate in Europe but have customers there. Ken advises that companies should be aware of their obligations under GDPR if they market to EU residents, as the global nature of the internet makes it difficult to avoid these regulations. He stresses the importance of transparency and understanding the data protection implications of using artificial intelligence in business agreements, given the rapid development of AI technology.

Finally, Ken highlights the need for continuous learning in the field of cybersecurity and data protection, urging professionals to stay updated on current changes and adapt to the evolving needs of businesses. He concludes by encouraging open communication and collaboration between legal advisors and businesses to ensure that contracts are tailored to meet the specific needs and risks of each party. The episode wraps up with Ken sharing his contact information and resources for listeners seeking further guidance on these critical issues.

Key Points

Fragmented Data Protection Regulations: Ken explains the current state of data protection laws in the U.S., highlighting the lack of comprehensive federal regulations outside of healthcare and children’s information. He notes that most regulations exist at the state level, leading to a complex and inconsistent legal landscape.
Importance of Detailed Cybersecurity Provisions in Contracts: The conversation emphasizes that simply stating compliance with applicable laws in contracts is insufficient. Ken advocates for including specific cybersecurity requirements to provide clarity and certainty for all parties involved, especially given the evolving nature of cybersecurity regulations.
Challenges for Midsize Businesses: Ken discusses the difficulties that small and midsize businesses face when negotiating contracts with larger corporations. He suggests that these businesses assess their risks and consider mitigation strategies, such as implementing cybersecurity measures like multi-factor authentication.
Implications of GDPR: The podcast addresses the relevance of the General Data Protection Regulation (GDPR) for businesses that may not operate in Europe but have customers there. Ken advises that companies should be aware of their obligations under GDPR if they market to EU residents, as the global nature of the internet makes compliance necessary.
Continuous Learning and Adaptation: Ken stresses the importance of continuous learning in the field of cybersecurity and data protection. He encourages professionals to stay updated on current changes and to maintain open communication with businesses to tailor contracts to their specific needs and risks.

Key Quotes

On the State of Data Protection Laws: “We only have national data protection law in the U.S. in healthcare, for public companies, and children’s information. Everything else is at the state level, and the states very much want to keep that prerogative.”
On Cybersecurity Provisions in Contracts: “When you say parties are going to meet applicable law, a good response to that question is, what does that even mean? The law is all over the place… it differs from state to state, from country to country, from industry to industry.”
On GDPR Compliance: “Generally speaking, they are subject to the GDPR if they are marketing to customers who are residents of the European Union… any time you throw up a website, you are basically marketing globally.”
On Continuous Learning in Cybersecurity: “Working in this space requires a dedication to continuous learning… too many advisors think that they are, you know, like Moses with tablets coming down from Mount Sinai. You really have to keep up with current changes.”

About Our Guest

Kenneth N. Rashbaum is a distinguished legal expert specializing in privacy, cybersecurity, and e-discovery, advising multinational corporations, financial services, and life sciences organizations on the complexities of electronic information management. With extensive experience in information governance, he ensures compliance with federal, state, and international laws while navigating the legal and regulatory challenges of e-commerce. Ken is adept at preparing and negotiating technology contracts, including service level and license agreements, and provides guidance on privacy and cyber liability insurance applications. He leads assessments and remediation initiatives for data breaches, develops social media compliance policies, and represents clients in federal and state investigations. An internationally recognized thought leader in electronic discovery, Ken has served as national e-discovery counsel for major pharmaceutical companies and has contributed to legislative efforts in New Jersey regarding privacy and cybersecurity laws. He is also an Adjunct Professor of Law at Fordham University School of Law and has previously taught at Hofstra University. Prior to joining Barton, Ken was a senior litigation partner at Sedgwick LLP, where he co-chaired the E-Discovery, Compliance, and Data Management Practice Groups.

Follow Our Guest

LinkedIn | Website

About Our Host

National co-chair of the Cyber Center for Excellence, Marc Schein, CIC,CLCS is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

Follow Our Host

Website | LinkedIn

December 10, 2024November 22, 2024

Navigating Cyber Threats: Insights from New York’s Cybersecurity Advisory Board

Podcast: Play in new window | Download ()

Subscribe: RSS

Summary

In this episode of Chattinn Cyber, Marc Schein is chattin’ with Jeremy Shockett, a prominent figure in cybersecurity and former co-chair of the New York State Cyber Security Advisory Board. Mark introduces Jeremy, emphasizing his extensive background, including his previous role as a prosecutor. This introduction sets the stage for a discussion centered on cybersecurity practices, particularly the significance of tabletop and red team exercises in enhancing organizational preparedness against cyber threats.

Jeremy shares his professional journey, detailing his transition from a 24-year career as a prosecutor to his appointment by the governor of New York as the deputy secretary for public safety, where he oversees cybersecurity initiatives. He elaborates on the role of the New York State Cyber Security Advisory Board, which comprises leaders from both public and private sectors. This board advises the governor on cybersecurity policies and plays a crucial role in responding to real-time threats, highlighting the collaborative effort required to address cybersecurity challenges effectively.

The discussion then delves into the differences between tabletop exercises and red team exercises. Jeremy explains that tabletop exercises are hypothetical scenarios where participants discuss responses to simulated threats, helping organizations identify decision-making processes and vulnerabilities. In contrast, red team exercises involve actual simulated attacks conducted by hired experts to test an organization’s defenses in real-time. This distinction underscores the unique purposes and methodologies of each exercise type, emphasizing their importance in a comprehensive cybersecurity strategy.

Jeremy offers practical recommendations for conducting these exercises, advising organizations to start with tabletop exercises to establish decision-making frameworks and identify vulnerabilities before progressing to red team exercises. He outlines key takeaways from both types of exercises, such as understanding strategic decision-making, clarifying roles and responsibilities, and evaluating communication strategies. For red team exercises, he highlights the importance of identifying specific vulnerabilities and assessing the effectiveness of social engineering defenses, providing valuable insights for organizations looking to strengthen their cybersecurity posture.

The conversation concludes with Jeremy sharing a memorable experience from a tabletop exercise where he played the role of the governor. He emphasizes the importance of asking critical questions that challenge the status quo and drive effective responses to threats. Reflecting on his career transition from Miami to New York, Jeremy expresses gratitude for the opportunities he has encountered, reinforcing the value of preparedness and collaboration in the ever-evolving field of cybersecurity.

Key Points

Importance of Preparedness: The discussion emphasizes the necessity of conducting both tabletop and red team exercises to prepare organizations for potential cyber threats. These exercises help identify vulnerabilities and establish effective response strategies.
Differences Between Exercise Types: Jeremy clearly distinguishes between tabletop exercises, which are discussion-based and focus on hypothetical scenarios, and red team exercises, which involve real-time simulated attacks. Understanding these differences is crucial for organizations to implement effective cybersecurity training.
Sequential Approach to Exercises: Jeremy recommends that organizations conduct tabletop exercises first to develop decision-making processes and identify weaknesses before moving on to red team exercises. This sequential approach enhances the effectiveness of the overall cybersecurity strategy.
Key Takeaways from Exercises: The conversation highlights critical insights gained from both types of exercises, such as understanding roles and responsibilities, evaluating communication strategies, and identifying specific vulnerabilities in defenses. These takeaways are essential for improving organizational resilience.
Leadership and Inquiry: Jeremy shares a personal anecdote about a tabletop exercise where he played the role of the governor, underscoring the importance of leadership and asking challenging questions. This approach fosters a culture of inquiry that can lead to more effective crisis management and decision-making in cybersecurity scenarios.

Key Quotes

“Part of public safety is cybersecurity. And part of that job is to be the co-chair of the Cybersecurity Advisory Board.”
“A tabletop exercise is a hypothetical. It’s a pretend threat… you work through in a systematic way how the entity… is going to respond to it.”
“My advice would be the tabletop exercise goes first. You get a real sense of who should be making decisions.”
“You get to learn about your communication strategy… how do you deal with your clients? How do you deal with maybe the press?”
“You can ask a question. Why can’t we fix this within an hour? The people of the state of New York need… fill in the blank.”

About Our Guest

Jeremy Shockett is a shareholder at Anderson Kill’s New York office, where he co-chairs the White Collar Defense group and is a member of the Corporate and Commercial Litigation practice. With extensive experience representing individuals and corporations before various federal agencies, including the DOJ and SEC, Jeremy has a strong background in pre-trial investigations and court proceedings. He previously served as the Deputy Secretary for Public Safety in New York, overseeing public safety and homeland security initiatives, and co-chaired the New York State Cybersecurity Advisory Board. His prior roles include Chief of the Trial Division at the Bronx County District Attorney’s Office, where he led over 200 prosecutors, and Special Assistant U.S. Attorney in the Organized Crime and Gangs Section. Jeremy is also an accomplished lecturer and trainer, having taught law enforcement and legal professionals both domestically and internationally. Outside of his professional pursuits, he has a passion for poker, which he enjoys discussing.

Follow Our Guest

LinkedIn | Website

About Our Host

Follow Our Host

Website | LinkedIn

November 13, 2024November 8, 2024

Unmasking Cyber Threats: The Rise of Spoofing and Phishing with Gideon Hazam

Podcast: Play in new window | Download (Duration: 10:36 — 14.6MB)

Subscribe: RSS

Summary

In this episode of Chattinn Cyber, Marc Schein is chattin’ with Gideon Hazam, a renowned expert in spoofing. The discussion revolves around the challenges faced by organizations in detecting and protecting against phishing attacks on their brands.

Gideon explains that his company spent six months meeting with Chief Information Security Officers (CISOs) from various industries to understand their main challenges related to phishing attacks. They identified three major challenges: detecting phishing attacks quickly, identifying the users exposed to these attacks, and finding ways to protect them.

To address these challenges, Gideon’s company developed a platform that has gained popularity and is now being implemented across sectors and organizations worldwide. The platform helps organizations detect phishing attacks on their customers quickly, identify the users at risk, and implement measures to protect them.

He then goes on to explain the connection between spoofing and phishing. Phishing is the platform used to conduct a cyber takeover, where attackers create fake websites to harvest credentials or steal money. Spoofing, on the other hand, is the technique used to generate these phishing attacks. It involves using spoofing tools to create fake websites or clone existing ones.

The conversation then delves into the susceptibility of different industries to spoofing attacks. Gideon explains that any organization with an online presence and customer interaction is a potential target for hackers. However, industries related to finance and money are particularly vulnerable due to the potential for financial manipulation and theft.

The discussion also touches upon the lifecycle of a phishing attack. It starts with building the phishing site, which is then detected and ideally taken down. However, the exposure window remains until the site is successfully removed. Even after takedown, the harvested credentials can still be exploited, posing a continued threat to organizations.

Gideon predicts that spoofing attacks will become more prevalent in the corporate world due to the increasing reliance on online activities and the availability of numerous spoofing tools in the market. He emphasizes the need for authentication solutions to ensure users are visiting legitimate websites and not falling victim to imposter sites.

The conversation provides valuable insights into the challenges posed by spoofing and phishing attacks, the connection between the two, and the need for robust authentication measures to protect against these threats. The discussion highlights the importance of detecting attacks quickly, identifying at-risk users, and implementing effective protection measures to safeguard organizations and their customers.

Key Points

Organizations face three major challenges when it comes to phishing attacks on their brands: detecting attacks quickly, identifying exposed users, and protecting them.
Spoofing is the technique used to generate phishing attacks, where attackers create fake websites or clone existing ones.
Any organization with an online presence and customer interaction is a potential target for spoofing attacks, with industries related to finance being particularly vulnerable.
The lifecycle of a phishing attack involves building the phishing site, detecting it, and ideally taking it down. However, even after takedown, the harvested credentials can still be exploited.
The prevalence of spoofing attacks is expected to increase due to the growing reliance on online activities and the availability of easy-to-use spoofing tools in the market.

Key Quotes

“Phishing is basically the platform to conduct a counter takeover in one hand. I will build a phishing site in order to harvest as many credentials as possible of any anyone. And secondly, I can use phishing to steal money. Simple as that.”
“The interesting part is that any firm, any organization that has online presence, which require interaction between end user and customer is a target for the hackers, because if they can use their tools to harvest credentials, that would anywhere on each industry or niche…”
“Detection and takedown … are the two major points. But takedown may take days may take weeks. Sometimes it takes even longer. And until the point that this site is down, the customers, the end users are still exposed.”
“The more online activities become, the more spoofing attack will be there. Because this is a huge surface for attackers to exploit … The number of … spoofing tools [that] exist today in the market is numerous.”

About Our Guest

Gideon Hazam is an accomplished senior sales and business professional with a wealth of experience in business operations, development, and strategic sales, complemented by strong technology and managerial skills. As the co-founder and Chief Operation & Security Officer of Memcyco, he leads the charge in addressing a critical cyber blind spot: brand impersonation attacks that jeopardize both companies and their customers. With a unique ability to analyze complex business challenges and devise effective strategies, Gideon emphasizes the importance of protecting users from the rising tide of phishing and social engineering attacks. His extensive background in corporate development and global sales, combined with a collaborative and creative leadership style, positions him as a key player in the cybersecurity landscape. Passionate about safeguarding consumers in an evolving threat environment, Gideon is eager to engage in discussions about enhancing online protection measures against the ever-growing onslaught of cyber threats.

Follow Our Guest:

About Our Host

Follow Our Host:

Website | LinkedIn

October 29, 2024October 29, 2024

Promises and Pitfalls: The Intersection of AI and Insurance with Marshall Gilinsky

Podcast: Play in new window | Download (Duration: 13:04 — 18.0MB)

Subscribe: RSS

Summary

In this episode of Chattinn Cyber, Marc Schein is chattin’ with Marshall Gilinsky, a partner at Anderson Kill, PC, focusing on the impact of artificial intelligence across various industries, particularly in insurance.

Marshall shares his background and explains how his interest in AI developed over time. He expresses his fascination with the technology, emphasizing its potential benefits and risks. Marshall believes that AI has the capacity to revolutionize numerous tasks and industries, but he also stresses the importance of understanding and regulating AI to ensure its safe and productive use.

The discussion then shifts to instances of AI misuse, where Marshall recounts a case involving a lawyer who relied solely on AI to draft legal briefs. This reliance led to significant failures and embarrassment for the lawyer, highlighting the need for caution and responsible use of AI to prevent similar mishaps in the future.

Mark inquires about the implications of AI for the insurance industry and seeks advice for policyholders. Marshall explains that while AI is a powerful new tool, it can both enhance and harm insurance operations. He notes that current insurance policies lack specific provisions for AI-related claims, advising policyholders to remain vigilant about potential risks associated with AI technologies.

The conversation progresses to the topic of AI regulations and future predictions. Marshall discusses the ongoing efforts by regulators to understand and ensure the safe development of AI. He emphasizes the necessity of balancing business interests with the protection of policyholders and investors. Although he acknowledges the challenges in making accurate predictions about AI’s future, he remains hopeful for conscientious engineering practices that prioritize safety and responsibility.

In closing, Mark thanks Marshall for his valuable insights and expresses interest in continuing the dialogue. Marshall appreciates the opportunity to discuss AI and mentions his ongoing learning and exploration in this rapidly evolving field. Overall, the episode underscores the importance of understanding and managing the risks and benefits associated with AI, particularly within the insurance sector.

Key Points

Fascination with AI: Marshall expresses a deep interest in AI, highlighting its transformative potential across various industries. He emphasizes the need to understand both the benefits and risks associated with AI technologies.
Cases of Misuse: The discussion includes real-world examples of AI misuse, such as a lawyer who relied solely on AI for drafting legal briefs, which resulted in failure. This underscores the importance of caution and responsible use of AI.
Impact on Insurance: AI is described as a double-edged sword in the insurance industry. While it can enhance operations, it also poses risks. Marshall notes that current insurance policies often lack specific provisions for AI-related claims, urging policyholders to be aware of these potential risks.
Need for Regulation: The conversation highlights the ongoing efforts by regulators to understand AI and ensure its safe development. Marshall stresses the importance of balancing business interests with the protection of policyholders and investors.
Challenges in Prediction: Marshall acknowledges the difficulty in making accurate predictions about the future of AI. However, he expresses hope for responsible engineering practices that prioritize safety and ethical considerations.
Continuous Learning: Ongoing education and exploration in the field of AI is important and reflects the rapidly evolving nature of the technology and its implications.
Responsible Use: The conversation reinforces the need for a cautious approach to AI, advocating for responsible use to mitigate risks and maximize benefits in various applications, particularly in sensitive areas like insurance.

Key Quotes

On Fascination with AI: “The potential for benefits to society from… using AI in all sorts of tasks across the world, economic, personal, etc., are mind boggling. While at the same time the potential for harm is of great concern.”
On Misuse of AI: “There was a lawyer, who… relied exclusively on AI to draft some briefs. The chat bot basically wove the brief out of whole cloth, making up the facts and the law… It ends up being a magnificent failure.”
On the Impact of AI in Insurance: “It just seems at this point to present as a new type of thing that can go wrong and lead to a very common sort of insurance problem.”
On Regulation: “Everyone’s kind of learning together… businesses are trying to develop these tools in a way that enhances their operations and their profitability, and regulators are out there trying to make sure that it’s done in a way that’s safe.”
On Predictions for AI’s Future: “I think there’s a lot of conscientious engineers out there that are trying to do things in a way that’s safe and productive… But we live in a capitalistic marketplace where there’s strong incentives to build the biggest, baddest, most productive thing you can.”
On Continuous Learning: “I’m constantly talking to people to find out new things that are happening… because there’s constantly new things that are emerging all the time.”

About Our Guest

Marshall Gilinsky is a shareholder at Anderson Kill’s Boston office, specializing in Insurance Recovery and Commercial Litigation. He co-chairs the firm’s Sexual Harassment and Abuse Insurance Recovery Group and the Sports, Media, and Entertainment Group, while also being a member of the Banking and Lending Group and the Restaurant, Retail & Hospitality Group. With over 20 years of experience representing policyholders, Marshall has recovered hundreds of millions of dollars through successful litigation of complex insurance claims, including those related to high-profile events like 9/11, Hurricane Katrina, and Superstorm Sandy. He also assists clients with captive insurance companies, focusing on resolving coverage disputes with reinsurers. Known for his deep understanding of clients’ businesses and insurance programs, Marshall frequently writes and lectures on insurance topics and is often quoted in major media outlets, including The New York Times and CNN.

Follow Our Guest:

LinkedIn | Anderson Kill

About Our Host

Follow Our Host:

Website | LinkedIn

October 15, 2024October 15, 2024

Navigating the Cyber Landscape: Insights from Christiaan Durdaller

Podcast: Play in new window | Download (Duration: 19:51 — 27.3MB)

Subscribe: RSS

Summary

In this episode, Marc Schein is chattin’ with Christiaan Durdaller, a cyber expert and founder of an innovative wholesale brokerage in the cyber market. Christiaan chats about his journey into the cyber industry, highlighting the rise of cyber awareness in recent years due to high-profile data breaches.

Christiaan explains the difference between retail brokers and wholesale brokers. Retail brokers work directly with clients, while wholesale brokers partner with retail brokers to provide market access and expertise. Christiaan emphasizes the importance of collaboration and problem-solving in the wholesale brokerage industry.

The conversation then shifts to the success of Christiaan’s brokerage, which has consistently won awards in the cyber community. Christiaan attributes this success to the firm’s dedication to product development, innovation, and expertise in cyber insurance claims.

The chat also touches on a major merger that Christiaan’s brokerage is undergoing. Christiaan explains that the merger aims to combine the best aspects of both companies and create a unified team with a focus on collaboration and providing the best resources and services to clients.

Christiaan discusses some unique products offered by his brokerage, including a cyber access facility and a crime 360 facility. These products address specific risks in the marketplace and provide clients with broader coverage and higher limits. The chat concludes with a discussion on the current state of the cyber insurance market. Christiaan notes that the market is currently in a softening phase, with renewal rates decreasing and coverage broadening. However, he also highlights the rising attritional losses, non-breach privacy litigation, and the impact of systemic risks on the market.

Overall, this episode provides insights into Christiaan Durdaller’s journey in the cyber industry, the success of his brokerage, and the current trends and challenges in the cyber insurance market.

Key Quotes

“I was working at a law firm at the time, personal lines, insurance, defense, and looked at Cyber and said, this is interesting. This is something worth investing in. Not a lot of people are investing in it today. It’s a Fortune 50, Fortune 100 product, generally speaking. Let’s figure out a way to create change. It was really exciting for me and it’s been exciting since.”
“There are a lot of folks out there with claims experts and talent, but very few that have the expertise of a cyber dedicated wholesale broken claims unit. It’s something we’re super proud of.”
“We want to make larger limits available to them and make it available to them quick. We’ve got a lot of clients out there, as an example, who are in a class of business who can only procure 2 million or 3 million on a primary basis in limits. And you know, we’ve got to get support for them to build what their contracts require, to build what the risk models are saying that they should carry.”
“Change is coming … It’s only a matter of time.”

Key Takeaways

Importance of Collaboration in Wholesale Brokerage. Christiaan emphasizes the importance of collaboration between wholesale brokers and retail brokers to provide market access, expertise, and solutions to clients. This collaborative approach helps address the specific needs of clients in the cyber insurance market.
Merger and Unified Team. The merger discussed in the conversation aims to combine the strengths of two companies and create a unified team. This unified team will focus on collaboration, providing the best resources, and delivering consistent services to clients.
Market Trends and Challenges. The conversation touches upon the current state of the cyber insurance market, including the softening market conditions, broadening coverage, rising attritional losses, and the impact of systemic risks. These trends pose challenges and opportunities for insurers and require adaptation and innovation in product offerings and risk management strategies.
Innovation and Product Development. Christiaan emphasizes the importance of innovation and product development in the cyber insurance market. He discusses the unique products offered by his brokerage, such as the cyber access facility and the crime 360 facility, which address specific risks and provide broader coverage options. This highlights the need for continuous innovation and the development of tailored solutions to meet the evolving needs of clients in the cyber insurance industry.

About Our Guest

As President and CEO of INSUREtrust’s, Christiaan focuses on their Cyber Secure Platform, products, and overarching strategy. As a key part of their leadership team, Christiaan strategizes to help ensure that INSUREtrust products, services, and solutions stay ahead of the market and competition. His team was recognized internationally by Zywave as the 2017, 2019, 2020, 2021, 2022 and 2023 Cyber Brokering Team of the Year. In 2018, Christiaan was recognized by the industry as the Cyber Risk Industry Person of the Year (USA) and 2020, 2021 and 2022 saw Christiaan recognized by Insurance Business America as a Top Specialist Broker. Since 2021, Christiaan has been a part of the Forbes Business Council due to his forward-thinking leadership within the cyber space.

Follow Our Guest:

About Our Host

Follow Our Host:

Website | LinkedIn

September 11, 2024September 10, 2024

Privacy vs. Security: Navigating the Challenges of Cyber Risk with Ben Goodman

Podcast: Play in new window | Download (Duration: 13:35 — 18.7MB)

Subscribe: RSS

Summary

In this episode of Chattinn Cyber, Marc Schein is chattin’ with Ben Goodman, the founder and CEO of CyRisk, about the evolution of cybersecurity and the growing concern of privacy in the industry. Ben shares his background in technology and his experience working with companies to improve their security and compliance.

They discuss the increasing importance of privacy in the cyber risk landscape, with privacy settlements surpassing security settlements in recent years. Ben emphasizes the need for organizations to focus on pre-incident planning, training, and preparation to mitigate privacy risks effectively.

When discussing how carriers are handling privacy risks, he notes that carriers are still figuring out how to underwrite the risk in a soft market. He highlights the challenge of carriers not having access to comprehensive data and organizations themselves often being unaware of their own exposures. He suggests that carriers should focus on differentiating themselves and finding ways to underwrite privacy risks effectively.

They also touch on the different industries and technologies that are more susceptible to privacy exposures. Regulated industries, such as healthcare, are under scrutiny and face regulatory actions and fines. Advertising and marketing technologies also pose significant risks, and organizations should take steps to mitigate these risks.

Ben explains how CyRisk helps policyholders with privacy issues through their platform. They offer real-time detection of exposures, analysis of policyholders’ active policies for compliance, and provide detailed reports with recommendations. CyRisk’s privacy attorneys contribute to building out the platform and offering solid advice to policyholders.

Looking ahead, Ben predicts that privacy risks will continue to be a significant issue. He mentions the increasing use of micro-targeting AI and the potential challenges it poses in terms of privacy and bias. Governments and regulators will need to keep up with these developments to protect individuals’ privacy.

Overall, the interview covers various aspects of privacy risks in the cyber risk landscape and provides insights into how organizations and carriers can address these challenges.

Key Takeaways

Privacy is becoming a major concern in the cyber risk landscape, with privacy settlements surpassing security settlements. Organizations need to prioritize pre-incident planning, training, and preparation to effectively mitigate privacy risks.
Carriers are still grappling with how to underwrite privacy risks in a soft market. Differentiation is challenging, and the lack of comprehensive data and organizations’ limited awareness of their own exposures pose difficulties.
Certain industries, such as healthcare, are under scrutiny and face regulatory actions and fines due to privacy breaches. Advertising and marketing technologies also present significant risks that organizations should address.
CyRisk offers a platform that helps policyholders with privacy issues. It provides real-time detection of exposures, compliance analysis of active policies, and detailed reports with recommendations. Privacy attorneys contribute to the platform, offering solid advice to policyholders.
The use of micro-targeting AI poses challenges in terms of privacy and bias. Governments and regulators will need to keep up with these developments to protect individuals’ privacy. Privacy risks are expected to remain a significant issue in the future.

Key Quotes

“The confluence of privacy risk in cyber insurance and the associated cyber risk… there’s the data leakage part of it, there’s real data breach exposure with this privacy risk.”

“Last year, 2022 privacy settlements actually exceeded security settlements by about 180 million.”

“The more that organizations could do from a pre-incident perspective, from a planning and training and preparation, I think the better off they are.”

“A lot of carriers don’t really see the data. They don’t know how to get that data… relying on questionnaires only goes so far.”

“Regulated industries are clearly under a microscope… they’ve already shown that they’re taking action not just with investigations, but with fines and penalties, millions and millions of dollars.”

About Our Guest

Ben Goodman is the Founder and CEO of CyRisk Inc., a leading cybersecurity and risk management company. Prior to founding CyRisk Inc. in July 2018, Ben also founded and served as Chairman of 4A Security & Compliance, a company focused on helping organizations achieve security and compliance.

In addition to his entrepreneurial ventures, Ben is also a faculty member at Drexel University’s LeBow College of Business, where he shares his expertise and knowledge with aspiring professionals in the field of cybersecurity. With a passion for solving complex technology problems and managing security and compliance components, Ben has dedicated his career to helping organizations navigate the ever-changing landscape of cyber risk.

Ben’s extensive experience and deep understanding of the industry have made him a sought-after expert in the field. He has been featured in various podcasts, conferences, and industry events, where he shares his insights on topics such as privacy, data breaches, and the future of cybersecurity. Through his work at CyRisk Inc. and his contributions to academia, Ben continues to make significant contributions to the field of cyber risk management.

Follow Our Guest:

About Our Host

Follow Our Host:

Website | LinkedIn

July 31, 2024July 31, 2024

Navigating Ransomware and Cybersecurity: Insights from Cryptocurrency Expert John Morrissey

Podcast: Play in new window | Download (Duration: 8:53 — 12.2MB)

Subscribe: RSS

Summary

In this episode of Chattinn Cyber, Mark Schein chats with John Morrissey, Cryptocurrency Operating Compliance Director for Arete, focusing on various aspects of the cryptocurrency industry and the challenges associated with ransomware attacks. John explains how he ended up in his current role, combining his cybersecurity background with his passion for trading and investing. He discusses the volatility of the cryptocurrency market and the impact it has on ransom demands. He also highlights the increasing scrutiny and compliance requirements imposed by organizations like OFAC when it comes to making ransom payments. John emphasizes the importance of taking cybersecurity seriously and investing in the right tools and processes to protect organizations from cyber threats.

John shares his journey of how he becomes the Cryptocurrency Operating Compliance Director for Arete. He mentions that he met Joe Mann, the founder of Arete, while working in the Virginia DC area. John became Arete’s first client when he ran a DFIR (Digital Forensics and Incident Response) services organization. With his background in cybersecurity and his passion for trading and investing, John found a perfect fit in his current role, where he manages crypto relationships and helps clients navigate the complexities of the market.

The conversation then shifts to the concept of crypto puzzles and the volatility of the cryptocurrency market. John explains that crypto is the most volatile asset in the world, and its value can fluctuate significantly in response to market conditions. He gives an example of how Bitcoin’s value dropped from $69,000 to $16,000 during a market crash. John highlights the challenges of working with a new industry that lacks regulation and dealing with assets that are highly volatile. He emphasizes the need to understand how all these factors fit together.

The discussion then turns to ransomware attacks and the changing demands of adversaries. John mentions that during previous market crashes, ransom demands were often made in Bitcoin. However, after the crash, there has been a shift towards demanding cash instead of Bitcoin. He notes that the ransoms are increasing year over year, with some groups demanding even higher amounts. John also mentions the increasing scrutiny and compliance requirements imposed by organizations like OFAC (Office of Foreign Assets Control) when it comes to making ransom payments. He explains the steps Arete takes to ensure compliance, including analyzing threat actor wallets, conducting blockchain analysis, and verifying the absence of sanctions.

Mark asks John how Arete can help in situations involving ransomware attacks. John explains that Arete is a full-service organization specializing in digital forensics and incident response (DFIR). They offer assistance from the moment a hack is discovered, providing a 24/7 phone number and email for immediate response. Arete’s team helps clients through the entire process, from triage to recovery, and even offers guidance on planning and prevention. If necessary, Arete can also assist with the process of making ransom payments.

In conclusion, the conversation between Mark Schein and John covers various aspects of the cryptocurrency industry and the challenges associated with ransomware attacks. John shares his background and how he ended up in his current role. He discusses the volatility of the cryptocurrency market and the impact it has on ransom demands. He also highlights the increasing scrutiny and compliance requirements imposed by organizations like OFAC. John emphasizes the importance of taking cybersecurity seriously and investing in the right tools and processes to protect organizations from cyber threats. Arete’s role in assisting clients with ransomware attacks is also discussed, highlighting their full-service approach and expertise in digital forensics and incident response.

Key Takeaways

Cryptocurrency prices and demand for ransom payments in crypto vs fiat currency fluctuate a lot based on market conditions. When crypto prices crashed, ransom demands shifted to be mostly in cash rather than bitcoin.
Ransom amounts continue to rise steadily, with increases of 20-30% year-over-year being common.
OFAC regulations and government scrutiny are making ransom payments more difficult with requirements to verify the ransomware group is not sanctioned.
Arete offers comprehensive incident response services including forensics, monitoring, planning, and facilitating ransom payments if needed. They have a 24/7 hotline to call for immediate assistance.
It’s important for organizations to take cybersecurity seriously and invest in good tools and processes to avoid becoming victims of ransomware. Arete recommends deploying technology like SentinelOne for prevention and detection.

Key Quotes

1:25 – “So it’s great taking some cybersecurity background and melding it with my market background. I became the crypto operations and compliance director at Arete.”
4:03 – “But after it crashed, we actually saw very few pure bitcoin ransoms, and most of them in cash. So whether it’s the psychology of it or just they wanted some consistency outside of the volatility, but today, 95 or more percent of the ransoms are all in pure cash versus bitcoin.”
5:32 – “So we actually take it upon ourselves to look at really every cyber indicator compromise. You always take a threat actor wallet and throw it on the effect sanction list … But we do a lot of analysis on the blockchain of prior transactions that the threat actor might have done.”
6:47 – “We have an Arete 911 phone number. You can just do a Google search of ‘Arete 911’ and find us. So we have a phone number that’s 24/7, we have an email that’s 24/7. Once we receive your email or call, we will be on the phone with you within half an hour to help script that.”
8:33 – “But there’s a lot of great. Yeah, a lot. But there’s a lot of great process and a lot of great technology out there to help you. But I think just take cyber seriously and, or if not, you know, you’ll find yourself in trouble one day.”

ABOUT OUR GUEST:

John Morrissey is a seasoned Technology Sales and Services leader with a strong focus on Customer Success. With extensive experience in assisting National Defense, Civilian Agencies, and Commercial Enterprises, John specializes in successfully implementing cutting-edge technologies such as Analytics, Big Data, Machine Learning, Cyber Security, Fraud, Risk, eDiscovery, and Investigative technology. Throughout his career, John has demonstrated a remarkable ability to build and grow organizations, delivering high-end consulting and enterprise solutions. He is a results-oriented leader with a proven track record of overcoming complex business challenges and making critical decisions with experience, good judgment, a strong work ethic, and unwavering integrity. With a keen vision, determination, and exceptional skills, John is adept at driving increased revenue and profitability for organizations.

FOLLOW OUR GUEST:

LINKEDIN

ABOUT OUR HOST:

FOLLOW OUR HOST:

WEBSITE | LINKEDIN

July 31, 2024July 31, 2024

Optimizing IT Asset Management for Cybersecurity: Collaboration and Compliance with Jeremy Boerger

Podcast: Play in new window | Download (Duration: 9:47 — 13.5MB)

Subscribe: RSS

Summary

In this episode Marc Schein is chattin’ with Jeremy Boerger, an IT Asset Management (ITAM) expert. Jeremy recounts his entry into ITAM during the Y2K era, where he was tasked with managing compliance systems for a manufacturing firm. This experience sparked his interest in ITAM, which revolves around optimizing an organization’s hardware and software investments for maximum value. He emphasizes ITAM’s focus on cost-consciousness and usability, highlighting its role in efficient product and service utilization.

The discussion dives deeper into the essence of ITAM, explaining its significance in the cybersecurity realm. Jeremy stresses the importance of collaboration between ITAM and cybersecurity teams, citing industry standards like those recommended by NIST and the Department of Defense. He suggests that ITAM’s asset management functions, such as inventory tracking and usage monitoring, are integral to bolstering organizational security measures.

Jeremy acknowledges the historical challenges in establishing ITAM best practices but mentions ISO/IEC 19770 as a leading framework. He also links ITAM’s principles to new cybersecurity regulations, particularly those proposed by the SEC. These regulations emphasize managing end-of-life assets, data disposal, and leveraging returns from decommissioned hardware and software, areas where ITAM plays a crucial role.

As the conversation wraps up, Marc and Jeremy discuss avenues for further engagement and collaboration. Jeremy directs interested parties to his website and LinkedIn profile, where he shares insights on ITAM and cybersecurity integration. The dialogue underscores the evolving landscape of ITAM, its symbiotic relationship with cybersecurity practices, and the potential for synergistic collaboration to enhance organizational resilience and security posture.

Key Takeaways

IT Asset Management (ITAM) helps organizations manage their hardware and software assets to get the most value and utility out of them. It helps control costs and track assets.
ITAM and cybersecurity should work together. Knowing what devices and software are in the environment helps cybersecurity track potential threats.
Best practices for ITAM can be found in ISO standards, ITIL, and NIST frameworks. Organizations like the ISO are bringing ITAM and cybersecurity together.
The SEC is encouraging more asset management to track hardware, software, and data, especially at end of life. This helps control cyber risks.
ITAM can notify cybersecurity when hardware and software changes, so they can update their threat models. Collaboration between the teams is important.

Key Quotes

00:51 – “If you remember back in Y2K, back at the turn of the century […] I had been brought into a small manufacturing firm to help with their Y2K results, a lot of it being swapping out old systems for compliance systems and the like.”
03:35 – “What I have seen from the other side of the fence is that cybersecurity professionals tend to look at their work in […] silo [as a] very separate activity when there’s all of this wonderful data and technique and knowledge that probably doesn’t get tapped into as well as it should have.”
06:09 – “Where is the hardware and software and most importantly, the data that is sitting inside that hardware and software? What do you do with it at the end of its lifecycle? And that’s been typically something that cybersecurity folks don’t really pay much attention to.”
06:37 – “Well, asset management is very concerned about that endgame because there’s money to be had. There are services to be had. If you’re not going to reuse that device or reissue those licenses, then what kind of return cash can you bring into the organization to then fund another investiture?”
“But I also encourage folks to reach out on LinkedIn as well. We’ve got a very active newsletter community speak on a great length about some of the new initiatives, licensing schemes, threat, and even techniques on how to mitigate some of these asset concerns that then do bleed into cybersecurity and service management.” (08:24)

About Our Guest

Jeremy Boerger helps companies build and rehabilitate their IT asset management (ITAM) practices, both hardware and software asset management (SAM), recovering almost 10% of the IT department’s budget. In 2017, he founded Boerger Consulting, LLC, to better help business leaders and decision-makers fully realize the promises a properly-functioning ITAM and SAM programs can deliver. He tours the country, speaking at numerous conventions and symposiums. He is also the author of Rethinking Information Technology Asset Management,” available through Amazon, Apple Books, B&N, or wherever you prefer to purchase your eBooks and paperbacks.

FOLLOW OUR GUEST:

WEBSITE | LINKEDIN

ABOUT OUR HOST:

FOLLOW OUR HOST:

WEBSITE | LINKEDIN

July 31, 2024July 31, 2024

Automation and AI in Cybersecurity: Enhancing Response Capabilities with Billy Gouveia

Podcast: Play in new window | Download (Duration: 14:05 — 19.4MB)

Subscribe: RSS

Summary

In this episode of #ChattinnCyber, Billy Gouveia, the CEO of Surefire, a prominent cybersecurity firm stops by to chat. Billy chats about quantifying the costs associated with data breaches. He shares what it was like growing up in Boston and becoming the CEO of a renowned cybersecurity company.

Billy acknowledges the significance of #cybersecurity in today’s world, stating that the work being done in the field will have a lasting impact on future generations. He highlights the exponential growth of the tech industry, which is enabled by cybersecurity, and emphasizes the importance of addressing issues such as IP theft and the normalization of cybercrime.

Billy explains that he recognized structural disincentives for current market participants to embrace technology in a different way. He wanted to reframe the role of incident response experts and leverage technology to provide better outcomes for clients. By automating workflows and utilizing technology effectively, Surefire aims to provide faster outcomes, reduce costs, and make clients’ lives better during cyber events. The conversation then delves into the role of automation and #artificialintelligence (AI) in incident response. Billy clarifies that while AI has a role to play in automation, the current focus is more on automation itself. He discusses the advancements in technology and tools for detection, containment, forensic investigations, and restoration.

Billy emphasizes the importance of talent in the field and how automation can streamline processes, allowing experts to focus on guiding clients through business decisions. Billy tells our listeners about cybersecurity controls that provide the best return on investment (ROI). He suggests starting with endpoint detection and response capability, along with multi-factor authentication (MFA) and backups. He explains that the prioritization of controls may vary depending on the nature of the business, such as protecting intellectual property or ensuring uptime.

The discussion then shifts to the challenges of MFA bypass techniques, where threat actors find ways to bypass or degrade MFA controls. Billy explains examples such as MFA fatigue and token theft, highlighting the need for multiple controls and a thoughtful approach to cybersecurity.

In conclusion, Billy reflects on the dynamic and challenging nature of the cybersecurity domain. He emphasizes the importance of seeking guidance from experts like Marsh McLennan Agency #MMA to navigate the complexities of cybersecurity.

Key Takeaways

The Significance of Cybersecurity: Billy Gouveia emphasizes that cybersecurity is among the defining issues of our time, with the work being done in the field expected to impact future generations. The tech industry, enabled by cybersecurity, is a trillion-dollar industry, but it also faces challenges such as IP theft and the normalization of cybercrime.
Reframing the Role of Incident Response: Surefire aims to reframe the role of incident response experts by leveraging technology and automation to provide better outcomes for clients. By automating workflows and utilizing tools effectively, they can provide faster responses, reduce costs, and improve clients’ experiences during cyber events.
Automation vs. Artificial Intelligence: While artificial intelligence (AI) has a role to play in automation, the current focus in incident response is more on automation itself. Automation can streamline processes and allow experts to focus on guiding clients through business decisions. AI’s role in incident response is expected to grow over time.
Prioritizing Cybersecurity Controls: When it comes to cybersecurity controls, Billy suggests starting with endpoint detection and response capability, multi-factor authentication (MFA), and backups. The prioritization of controls may vary depending on the nature of the business, such as protecting intellectual property or ensuring uptime.
Evolving Cybersecurity Challenges: Threat actors are constantly finding ways to bypass or degrade cybersecurity controls. MFA bypass techniques, such as MFA fatigue and token theft, pose challenges. It is crucial to have multiple controls in place and to stay vigilant in adapting to evolving cybersecurity threats.

Key Quotes

“In many ways, cyber is among the defining issues of our time… The stuff we work on now will affect our kids and our grandkids.”
“…if we have automation putting the puzzle together, then what our team can do is focus more on helping the client orient to the picture the puzzle creates, and then guiding our clients through a set of business decisions.”
“I’m hopeful AI can make the offense-defense matchup a lot more symmetric… Maybe AI can close that.”
“Having a response take three days in duration versus three weeks makes their lives better, reduces business interruption.”
“Four or five years of a hard insurance market has done more to improve security controls than 20 years of security professionals howling at black hat or RSA or any of the security conferences.”

About Our Guest

Billy Gouveia is the CEO and Founder of Surefire Cyber, one of the most well-known cybersecurity firms in the country. With over 20 years of experience in cyber, intelligence, and technology, Billy has become a respected figure in the field. His passion for addressing the challenges of cybersecurity and his belief in the importance of technology in incident response led him to establish Surefire Cyber. Billy’s expertise lies in reframing the role of incident response experts and leveraging technology to provide better outcomes for clients. He is dedicated to helping organizations navigate the ever-changing cyber landscape and is committed to making a positive impact in the field of cybersecurity.

Follow Our Guest

LinkedIn | Surefire Cyber

About Our Host:

Follow Our Host:

WEBSITE | LINKEDIN

June 11, 2024June 11, 2024

Dark Web IQ: Disrupting Cybercrime with Kevin Sherry

Podcast: Play in new window | Download (Duration: 22:28 — 30.9MB)

Subscribe: RSS

Summary

In this episode Marc Schein is chattin’ with Kevin Sherry, the founder of DarkWeb IQ, a pioneering offensive cybercrime prevention firm. Kevin shares his unconventional journey from a hedge fund trader and entrepreneur to a leader in the cyber insurance industry, eventually leading to the inception of DarkWeb IQ. Kevin’s entrepreneurial spirit and proactive approach to spotting opportunities in the evolving insurance landscape laid the foundation for his innovative venture.
Kevin details the origins of DarkWeb IQ, emphasizing his belief in the necessity for a new approach to cybersecurity. In 2020, amid the chaos of the pandemic, the cyber insurance market faced unprecedented challenges due to a surge in ransomware attacks. As market panic ensued, Kevin, leading a team at Everest, realized the need for a radical solution to protect against mounting losses. His sleepless nights and relentless pursuit of answers culminated in the idea of infiltrating and disrupting the cybercriminal supply chain, a concept that formed the core of DarkWeb IQ’s mission.

DarkWeb IQ’s approach diverges from traditional defensive security measures. Instead of merely implementing preventive controls, the firm actively engages with the criminal underground to disrupt cybercrime operations. Kevin recounts how the cybercriminal ecosystem, similar to a supply chain, can be infiltrated and dismantled by targeting its vulnerable links. Despite initial assumptions that such methods were already in use, Kevin was surprised to find significant gaps in the existing threat intelligence efforts, paving the way for DarkWeb IQ’s unique offensive strategy.

Kevin’s firm has intercepted over 800 attacks in two years, employing various methods from direct interventions to collaborations with vendors and government agencies. These interventions range from alerting companies about immediate threats to helping software vendors secure their tools against misuse. Kevin explains how his team’s efforts not only protect individual clients but also contribute to broader societal benefits, such as safeguarding critical infrastructure like hospitals and water treatment facilities.

Reflecting on lessons learned, Kevin highlights the importance of focusing on the basics of cybersecurity. Many attacks exploit simple vulnerabilities, often overlooked despite significant investments in security tools. He advocates for a pragmatic approach where companies prioritize understanding and addressing the most common attack vectors rather than being overwhelmed by compliance checklists. Kevin also stresses the value of proactive vulnerability scanning for insurers, while cautioning against the pitfalls of alert fatigue caused by overemphasis on less critical vulnerabilities.

As the conversation concludes, Kevin expresses his pride in the public-private partnership model that DarkWeb IQ embodies, working closely with law enforcement and the insurance industry to create impactful solutions. He reflects on his journey and the collaborative spirit of their mission, looking forward to continued innovation and progress in the fight against cybercrime.

Key Takeaways

Kevin Sherry started DarkWeb IQ due to his frustration with the rise in ransomware attacks and wanted to find an innovative way to combat cybercrime.
DarkWeb IQ works to infiltrate the cybercriminal ecosystem and supply chain to gain visibility into potential attacks. They intercept attacks and work with law enforcement to build cases against criminals.
DarkWeb IQ has directly intercepted over 800 attacks in their 2 years of existence by infiltrating criminal operations.
Most cyber attacks utilize basic methods, even though security has become very complicated. Focusing on how real-world attacks occur can improve security programs.
Proactive vulnerability scanning by insurers provides value, but alert fatigue is a problem. Focusing alerts on key vulnerabilities that are likely to be exploited is important.

Key Quotes

“By late Q3 of 2020, there was panic in the marketplace and it was noticeable. People were scared.”
“I was angry at the idea that these a**hole ransomware criminals in eastern Europe and Russia were going to potentially undo five years worth of blood, sweat, and tears I put into building this business.”
“What we were proposing was essentially we felt that we had a good legal argument that could allow us to go in on a consistent and scalable way to engage with all sorts of criminals that are in that ecosystem in a way that just wasn’t being done.”
“We’ve had over 800 of those so far in our two year existence.” (Referring to direct attack interceptions)
“Most vulnerabilities don’t matter. 98% of vulnerabilities are literally never going to have a weaponized exploit. They don’t matter. You shouldn’t be patching them. You’re wasting and depleting resources.”

ABOUT OUR GUEST:

Kevin Sherry is a highly accomplished professional with a strong focus on cybersecurity and public-private partnerships. Currently, he leads a prominent public-private partnership aimed at safeguarding U.S.-based companies against imminent ransomware attacks. With a proven track record of success, Kevin has built a market-leading and best-in-class cyber insurance business from the ground up at a top-tier carrier. Additionally, he played a pivotal role in establishing Prime International Trading’s first high-frequency trading team, which generated over $4 million in profit for the firm and laid the foundation for the firm’s success during times of disruption. Kevin’s passion for making a positive impact extends beyond the business world. He co-drafted a blueprint and secured funding for an initiative to break the cycle of poverty for coffee farmers in Flores, Indonesia, in collaboration with Noble Coffee, local political leaders, and NGOs. Today, parts of the plan are being executed, bringing tangible benefits to the community. Kevin holds a Master of Science in Finance from the Simon School of Business, where he was a member of the prestigious Beta Gamma Sigma honor society. With his expertise and dedication, Kevin Sherry continues to make significant contributions in the fields of cybersecurity, finance, and social impact.