As legal chiefs around the world get serious about cybersecurity as part of our mission to defend our organizations, we’re learning fast, but it’s time to go beyond education and begin taking action. Four years ago, Guidance Software brought legal, security, and risk and compliance chiefs together at the inaugural CISO/CLO Summit to talk strategy, and we’ve come a very long way since.
Last year I was privileged to lead a panel discussion on enabling proactive risk and threat intelligence at CISO/CLO Summit 2014. The panelists included an information security chief for a major defense manufacturer, the CISO for a global automaker, security analyst Jon Oltsik of the Enterprise Strategy Group (ESG), and Ed McAndrew, the Assistant U.S. Attorney and National Cyber Security Specialist for the Department of Justice.
Working with the DOJ on Cyber Crime
Our discussion focused on how to respond to security incidents in a way that minimizes damage, prevents the ultimate exfiltration of data, and allows organizations to work productively with the appropriate law-enforcement agency. Among the many insightful things said by panelists was this remark from Ed McAndrew on how the Department of Justice is now approaching cyber investigations:
“While they’re still in the network there’s a real opportunity for investigation. It’s a highly complex and dynamic scenario in every case. Our greatest successes are happening when victims are working with us and we can capture data and analyze it while the persistent threat persists.”
While discussing the sometimes complicated dynamic between executives and security teams and the need for executives to become educated on security, McAndrew also said:
“Senior executives get targeted [for spear phishing attacks] all the time. What would be bad is if you were the pivot point into the system and, because of your privileged access, they were able to do the following things. You go explain that to your board and to regulators. Explain it to a congressional committee.”
Join Us at CISO/CLO Summit 2015 on May 18
Sessions on the state of endpoint security with 451 Research, on the FBI Cyber Squad, and on inciting industry change and influencing national cybersecurity policy will make this year a can’t-miss one-day learning opportunity for executives. I hope you’ll register to join us and add your voice to the discussion.
Mark E. Harrington is Senior Vice President, General Counsel and Corporate Secretary at Guidance Software and oversees worldwide legal operations for the company.