Last week, FRA Senior Director Russell Miller and Director William Odom attended the Incident Response Forum 2019 - A Data Breach Response Conference for Legal and Compliance Professionals.
Government cyber-prosecutors and cyber-investigators, attorneys and experts specializing in data breach response came together to discuss the most important and timely data breach response topics such as the legal and compliance aftermath of a data breach, including governmental investigations and litigation, as well as the almost endless list of potential civil liabilities after a cyber-attack.
Key topics of discussion included:
- Data Breach Response
- Managing Retail Data Breaches
- After the Breach: Cyber Insurance and Class Actions
- National Security and Cyber-Attacks
- Managing Data Breaches Across Borders (Privacy & GDPR)
- Breach Avoidance/Preparation: Counseling Companies Before the Inevitable Breach
- After the Breach: Digital Forensics and Remediation
- Managing Financial Firm Data Breaches
Consistent messages throughout the Forum included:
- Email phishing and other low-tech entries into systems are still the most prevalent.
- Ransomware is now more sophisticated and targeted.
- Basic cyber hygiene is necessary: Updates to IR plans on a regular cadence, table top exercises on a similar regular cadence and after action plans.
- Boards and C-Suite execs are getting smarter to the risks associated with cybersecurity but they need constant and current communication
- Perfect security is impossible
- US privacy laws will be top of mind in the coming months.