eWhite House Watch - Full Article

ALM cyberSecure 2017 Recap

January 9th, 2018

By: Connor Breza

 

To close out 2017, on December 4th and 5th ALM Media hosted its annual cyberSecure 2017 conference in New York City.  The two day conference, which took a holistic approach to cyber-security, brought together professionals across industries and functions to better prepare corporations and corporate leaders for cyber risks and to “shape policies, risk management strategy, compliance programs, and an organization’s cyber-incident response playbook.”  The event’s main focus was to educate in-house counsel, compliance and privacy officers, technology solution providers, law firms and advisory consulting professionals on ways to improve their preparedness and response time to the growing dangers of cyber attacks that may hinder a business’s functionality, and to provide better strategies to strengthen corporate “cyber resiliency.”

The event featured four keynote speakers, Kathleen McGee, Chief of the Internet and Technology Bureau of the Office of the Attorney General of the State of New York; Richard T. Jacobs, Assistant Special Agent In-Charge of the New York Cyber Branch of the FBI; Christopher C. Krebs, Senior Official Performing the Duties of Under Secretary National Protection and Programs Directorate of the Department of Homeland Security; and Eric Friedberg, Co-President of Stroz Friedberg, LLC; as well as several other prominent noteworthy speakers.

 

McGee delivered the opening address, discussing “The New Realities of Post-Breach Crisis Management.”  In her segment, McGee stressed that crisis management requires a multifaceted approach, utilizing a variety of teams operating together. One of her most important messages was that the best crisis response will already be thought out and tested before it occurs.

 

Jacobs delivered the morning keynote with the focus on “Trends and Priorities to Manage the Cyber Frontier.” Jacobs discussed the reality that there are increasing dangers from more sophisticated and easier to use tools.  He also pointed out that some hackers may not be assuaged by money alone as well as the fact that cyber investigations are lengthy, extensive, and invasive. Similar to McGee’s stance, Jacob believes the best policy is to be prepared before a cyber attack happens.  He also stressed that it is important to watch out for inside actors and backdoors.

 

Krebs delivered the second day of the conference’s opening address, titled “Cyber-Physical and Other Growing Threats to Critical Infrastructure.”  He discussed that one of the main, and most difficult to stop vulnerabilities of a cyber network is physical intrusions.  As it cannot be stopped by software alone, breaching servers or server sites physically still poses a huge challenge.  He also highlighted that over the past several years there has been a rise in cyber weapons that destroy physical infrastructure like “Stuxnet” and the electrical grid breach in Ukraine.

 

Friedberg followed the opening address with his Morning Keynote on “Building Organizational Resiliency to Deal with Data Breaches.”  The stated purpose of this address is to “explore how to identify and prioritize critical action steps to close the gap on risk assessment, oversight and breach response plans” in order to “accelerate your path to resiliency.” He stressed that it essential to be knowledgeable and informed about cyber threats, backups, critical business elements, and the necessity of a dedicated cyber team.  Friedberg asserted that due to the prevalence of cyberattacks in 2017, “the reality of ‘its when, not if’ is finally setting in.”

 

There was a host of scheduled segments each day following the keynote speakers which were broken down into three categories for each day. On the first day of the conference, the speakers were separated into “Regulatory,” “Risk Management,” and “Industry and Technical.”  The second day was split between “Bench Marking,” “Crisis Management,” and “Data Governance.”

 

One noteworthy event was “Mitigating Cybersecurity Vulnerabilities in Your Supply Chain” moderated by Jennifer Archie, Partner of Latham & Watkins LLP.  This event involved four speakers, Ryan Lobato, Corporate Counsel of ExxonMobil; Holly Brady, Senior Counsel of Altria Client Services; Buck De Wolf, Vice President, Chief Intellectual Property Counsel and General Counsel of GE Global Research; and Nicole Eagan, CEO of Darktrace.

 

This segment enumerated on the greater risks that arise as companies improve their supply chains through more interconnected technologies. The speakers discussed various steps companies can take to maintain secure interconnected relationships involving their supply chain. The panel highlighted that third party risk to systems is number one after insider threats.  They also state that the cloud is not always the most viable solution, with potential difficulty negotiating with cloud computing companies. Mirroring what appears to be the overall most crucial theme in cybersecurity, the panel maintains that constant vigilance and preparedness is necessary.

Leave a Reply