Addressing The CrowdStrike Outage
by Dave Burg, Marc Brawner, Keith Wojcieszek
Fri, Sep 11, 2020
The first was led by Imran Jaswal and Ryan Spelman of CyberClarity360. It focused on the concept of risk identification, aimed at helping the members of Buying Legal Council understand and identify risks in their vendor ecosystem. While the number of cyber risks is myriad, there are challenges specific to legal vendors that require special attention. The sensitivity and volume of data that may be shared with one or more outside counsel make a data breach by a legal vendor a particularly high-risk event. Further, the nature of legal vendor relationships, with their potential for rapid scope change and confidential procurement, makes managing this data sharing a particularly challenging activity.
In the second, led by Shay Colson and Ryan Spelman of CyberClarity360, Kroll analyzed and studied vulnerabilities the same way hackers do and emphasized the data points that should be considered when deciding to engage or avoid specific legal vendors. Shay Colson talked about the critical vulnerabilities of accounts that get compromised due to exposed records. These records may be employee account credentials used on other systems such as payroll providers or travel booking sites. If the employees used the same username and password there that they use on their organization's systems, the exposure could lead to a data breach. Both Shay and Ryan emphasized that understanding the cyber risk exposure, combined with an understanding of the data that will be shared with the vendor, is critical in deciding how to engage with the legal vendor.
Log into your Buying Legal account to access this video recording.
The third was a fireside chat with a significant financial institution's legal vendor cyber risk management team, moderated by Shay Colson. This organization has built a robust legal vendor cyber risk management program that identifies and avoids potential risks and can engage and mitigate the threat. The mitigation comes from careful analysis of risks, leveraging a technology platform, and excellent communication between the financial institution and the firms.
Staff from Kroll’s Legal Management Consulting practice, Tyler Marion and Derek Mihm, joined us for the fourth and final webinar, where they educated the audience on contracts. Contracts represent one method of risk transfer, which often represents the last option for dealing with risk if you cannot avoid it or mitigate it. Tyler and Derek focused particularly on managing clauses and terms across thousands of contracts and how leveraging technology can bring greater clarity to your understanding of what options are available to you in transferring the risks your legal vendors may create.