Texas Assisted Living Association 2019 Conference

Learn about the widespread and difficult-to-detect nature of cyber threats and how to protect your business from them. Understand the different categories and methods of cyber attacks and discover the key consequences of a hack. Explore pre-breach preparation and incident response strategies to minimize and respond effectively to a cyber attack. Gain insights on a global approach to cyber risk management and the importance of a comprehensive information security plan. Attend the Texas Assisted Living Association 2019 Conference to stay updated and ready for the evolving cyber threats.

cwayne

Presentation Transcript


  1. Texas Assisted Living Association 2019 Conference

  2. Cyber Threats—Are You Ready?

  3. Headline News

  4. The Cyber Threat • Cyber attacks are widespread, systemic and difficult to detect. • Companies in regulated industries or which have proprietary technology, sensitive customer data, or intellectual property are most at risk.

  5. Who’s Doing the Hacking? • Outsiders • Financially motivated cybercriminals • “Hacktivists” • Hackers for hire • Nation-state-supported actors • The malicious insider

  6. Categories of Attack • Theft of Trade Secrets/Economic Espionage • Theft of Consumer and Financial Data • Data Destruction/Disruption of Operations • Website Defacements

  7. Methods of Attack • Exploitation of Network Vulnerabilities • Mismanaged computer systems • “Zero-day” vulnerabilities • Social Engineering • Physical Devices • DDoS Attacks • Misuse of Permissions

  8. Healthcare is a Sizable Portion of All Breaches • Health care, with 16 percent of breaches, continued to be particularly vulnerable to physical breaches, although malware and hacking breaches are starting to increase as the sector’s transition to electronic medical records progresses. The most vulnerable information in health care was medical information, such as patient records, and Social Security Numbers. Source: California State AG Data Breach Report 2016

  9. Key Consequences of a Hack • Governmental Inquiries • OCR • States Attorney General • DOJ/SEC/FTC/FDA . . . • Litigation • Class Actions/Consumer Litigation • Negligence and negligent omission • Invasion of privacy • Breach of contract • Shareholder Derivative Demands • Breach of fiduciary duties • Loss of Competitive Advantage/Reputational Harm • Costs of Responding to an Attack

  10. How to Minimize and Respond to a Cyber Attack Pre-Breach Preparation Incident Response Framework

  11. A Global Approach to Cyber Risk • Develop and implement a comprehensive information security plan. • Can’t do piecemeal – coordinate to avoid weak points. • Must address internal and external threats, both human and technical. • Plan must be customized to organization’s business operations. • Once implemented, plan should be reviewed and updated regularly. • There should be clear lines of communication and authority for cyber security within the organization.

  12. Cyber Risk Assessment • Identify internal and external threats. • Review computer network and identify/assess vulnerabilities. For example: • Are software patches applied in a timely fashion? • Is the network adequately segmented? • Are access controls sufficient? • Is data encrypted where necessary? • Are network logs appropriately detailed and maintained? • Is the network topology map up to date? • Review vendor relationships (esp. data storage vendors). For example: • Do they have cyber risk protocols? • Do my clients require me to have cyber risk protocols?

  13. Anatomy of a Modern Cyber Attack (Credit: CyberSecurity Insights, Eija Paajanen, 5/22/2017)

  14. A Closer Look at the Mechanics: The Target Attack

  15. Cybersecurity: Phishing

  16. Attack!! What Now?

  17. The Clock Starts Ticking …

  18. Duty to Warn – State • Data Breach – State Notification Laws • 48 states require private entities to notify individuals of security breaches of information involving “personally identifiable information” PLUS • Laws specify notification requirements including: • Recipients • Content • Timing • Form • Identity theft prevention and mitigation services

  19. Duty to Warn – Federal • Federal Breach Notification Laws • HIPAA/HITECH Breach Notification Requirements • FTC Health Breach Notification Rule

  20. Duty to Disclose Cyber Risks – SEC • Generally, SEC requires companies to report “material” events or risks to shareholders. • Materiality depends on what a reasonable investor would consider important to an investment decision. • “Registrants should disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky.” (SEC Disclosure Guidance Topic No. 2 (Oct. 13, 2011)).

  21. Healthcare Leads Data Breach Costs Source: Ponemon Institute 2017 Cost of Data Breach Study: United States

  22. Final Thoughts • Cyber security is a business risk, not an “IT problem.” • It must be managed and mitigated like any other risk. • Think in terms of compliance. • This is a long-term process.

  23. Edward P. Jones Chief Compliance Officer Third Rock, Incorporated ed.jones@thirdrock.com Ana E. Cowan Deborah C. Hiser Senior Counsels Husch Blackwell LLP Ana.Cowan@huschblackwell.com Deborah.Hiser@huschblackwell.com Thomas Brown
