Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by Law.com, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!

X

Preparing for cyber attacks must be multifaceted

These days, cybersecurity threats are outpacing the technology that protects sensitive data. And, new threats are popping up faster than the legal framework that governs data privacy and security can catch up.

 Most of these data breaches fall into three categories: Those motivated by financial gain; Breaches of U.S. government organizations by foreign governments to steal government secrets for military, intelligence, economic or other foreign policy gains; and then Cyberextortion. These primary categories highlight the diversity of hackers’ targets and the creativity of their methods, and the frequency of these hacks demonstrate the inadequacy of traditional approaches to cybersecurity.

Inside Counsel recently sat down with Peter Toren, partner, Weisbrod Matteis & Copley, to discuss the new approach that must be taken to protect sensitive data from hackers of all types.

So, why do we have to be multifaceted when preparing for cyber attacks these days? There are two key reasons, according to Toren. First, attacks can come from a variety of sources, external (international, domestic) or internal (employees, contractors, etc.). For external, companies must have strong firewalls and systems that not only prevent outsiders from breaking into the company's computer system, but also will not notify responsible officials that the company is under attack so further preventive measures can be instituted. With regard to internal, a company must have in place strong internal controls to prevent employees from accessing information that they are not authorized to use.

“These controls are very different from preventing outsiders from hacking into the computer system and are equally important since studies have shown that employees pose a significant risk to a company's computer system and proprietary information,” he explained.

Cybersecurity threats are outpacing the technology that protects sensitive data. “The resources of the bad guys is much greater than what is being spent to defeat the bad guys,” said Toren.  “Many companies (not all) would rather not spend as much money as required on computer security because computer security is not a profit center and companies would rather hope that they don't become the victim of a computer hack.”

On the other hand, the reason for the bad guys is to hack into companies and steal information for financial gain. Computer systems and the Internet were originally designed to be open systems and it is difficult to make secure a system that was not originally designed to be secure.

These emerging threats are popping up so fast lately because of the value of the financial value of the information that is at-risk, according to Toren. For many companies the value of their intangible assets exceeds the value of their tangible assets. Unlike a tangible asset, such as a factory that cannot be stolen, intangible assets, such as a trade secret, are at risk from theft.

He said, “We have been living in an information age for some time and the value of information, whether it be credit card numbers or trade secrets, is only increasing.”

According to Toren, to combat these threats, companies should devote resources towards protecting valuable information from external and internal threats.

“This is not a one-time expenditure,” he said. “But companies should act on an ongoing basis and consistently update their defenses/systems as new and different threats materialize.”

Related stories:

Study: When it comes to privacy, no company is perfect

Cyber attacks and litigation expected to jump in 2016

The game plan for closing the SecOps gap

Cyber breaches & insider threats drive usage of forensic data analytics

Contributing Author

author image

Amanda Ciccatelli

Amanda G. Ciccatelli is a Freelance Journalist for InsideCounsel, where she covers intellectual property, legal technology, patent litigation, cybersecurity, innovation, and more. She earned a B.A....

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.