Cybersecurity Awareness Means, at a Minimum, Doing the Basics … – JD Supra




Polsinelli
On September 30, 2022, the White House kicked off Cybersecurity Awareness Month by reminding citizens of the impacts cyberattacks can have on critical infrastructure such as “electric grids and fuel pipelines … and many other critical services,” and the importance of partnering with private industry and exchanging information about cyber threats.1
A few days after the above proclamation, a jury convicted the former Chief Security Officer of Uber of concealing from the FTC a 2016 data breach that exposed the personal information of about 57 million users and was linked to other data breaches.2 The former CSO awaits sentencing, which could be up to five years in federal prison.
During his trial, the former CSO claimed he was being scapegoated, that Uber’s legal team and others knew about the 2016 data breach and failed to timely report it. Ironically, about a month ago Uber was hacked again after an employee was tricked into providing access to its network. This time Uber reported the incident to law enforcement.
So what are the takeaways from last week’s conviction of Uber’s former CSO when raised awareness is not tracking with threat levels, and the effectiveness of unscrupulous adversaries is only increasing, as evidenced by incidents involving the Los Angeles Unified School District, Australian telecommunication companies, American Airlines, DoorDash, and U-Haul?
The Basics
To demonstrate good faith efforts to keep pace with an ever-evolving threat landscape and expanding cybersecurity legal obligations, organizations should develop, implement and maintain the following:
Refine your Cybersecurity Incident Response Plans (IRP)
Revisit your Cybersecurity Risk Assessment (RA)
Realign your Written Information Security Program (WISP)
Conclusion
The authors’ experience spans hundreds of cybersecurity incidents and has involved government investigations, and B2B, class action defense, and platform user/consumer-side litigation. 
 
1 https://www.whitehouse.gov/briefing-room/presidential-actions/2022/09/30/a-cybersecurity-awareness-month-2022/
2 https://www.justice.gov/usao-ndca/pr/former-chief-security-officer-uber-convicted-federal-charges-covering-data-breach
3 https://www.cisa.gov/critical-infrastructure-sectors
4 https://www.nist.gov/cyberframework/framework
5 https://www.cisa.gov/circia
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.