Category Archives: Cybersecurity

NIST releases “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.”

On December 12, 2014, the National Institute of Standards and Technology (“NIST”) announced the release of Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (“SP 800-53A”). SP 800-53A is a companion guideline to Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations (“SP 800-53”) and discusses how to build effective assessment plans and how to analyze and manage assessment results. NIST’s announcement highlights [...]

Data Protection Commissioners Adopt Resolution on International Cooperation

On October 14, the International Data Protection and Privacy Commissioners’ (“IDPPC”) conference adopted a resolution calling for increased enforcement cooperation among international data protection authorities. Data protection authorities from around the world participated in the IDPPC conference, including representatives from Europe, Asia, the United States (including the Federal Trade Commission), and South America. In the “Resolution on Enforcement Cooperation,” the IDPPC encourages “efforts to bring about more effective cooperation in cross-border investigation [...]

New California Law Expands Data Security Requirements, SSN Protections and Breach Notification Obligations

On September 30, 2014, the Governor of California signed Assembly Bill 1710, which made three small but important changes to the state’s privacy laws. The bill: (1) amended California’s breach notification law to require that the notifying entities offer identity theft protection services to affected individuals in certain cases; (2) required California businesses that “maintain” personal information on state residents to adopt reasonable security procedures to protect that personal information (a requirement that previously only applied to businesses that own [...]

Kim Peretti authors Bloomberg BNA article on Cyber Threat Intelligence and Information Sharing

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, authored (with contributions from associate Lou Dennig) the Bloomberg BNA article, “Cyber Threat Intelligence: To Share or Not to Share—What Are the Real Concerns?” In the article, Peretti discusses the importance of exchanging cyberthreat information and the concerns relating to information sharing, and provides guidance for companies in mitigating potential risks regarding this information sharing.

Inside Counsel Talks Cybersecurity with Kim Peretti Ahead of WIPL Conference

Kim Peretti, a partner in the firm’s White Collar Crime Group, discussed cybersecurity and the upcoming Women, Influence & Power in Law Conference with Inside Counsel. “From a legal standpoint, the risk exposure for a cyberattack has continued to rapidly increase,” and senior executives and board members play an important role in their company’s cybersecurity, said Peretti. “Senior management should know it’s not just an IT issue, it’s an enterprise risk and needs to be handled as all other enterprise risks. The board and senior executives should [...]

Alston & Bird Hosting Event: The Evolving Cyber Insurance Market: Key Issues and Challenges

Kim Peretti, partner and co-chair of the firm’s Security Incident Management and Response Team, will moderate a panel discussion during this September 11 event. The featured speakers are Tom Finan, Senior Cybersecurity Strategist and Counsel with the U.S. Department of Homeland Security, and Sean Hyatt, counsel in the firm’s Litigation & Trial Practice Group and a member of the Insurance Litigation & Regulation Team. The Department of Homeland Security has taken an active role in the growing interest in cyber insurance, holding several public roundtables and workshops [...]

Kim Peretti Interviewed by BankInfoSecurity

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was interviewed by BankInfoSecurity about what boards must know about security issues and how to keep directors risk-aware. In the interview, titled “Cybersecurity: What Boards Must Know,” Peretti discusses what directors don’t know about security, the pre- and post-breach responsibilities of boards, and how to educate the board – and when. “[Boards] have an awareness of the threat out there,” Peretti said. “But what they’re struggling with – what [...]

Secret Service Estimates in Follow-Up Advisory that “Backoff” Malware Affected 1,000 U.S. Businesses

On Friday, August 22, the Department of Homeland Security (“DHS”) and U.S. Secret Service released an advisory warning that a family of malware known as “Backoff” may have infiltrated the Point of Sale (“PoS”) systems of over 1,000 U.S. businesses. The malware was injected into some systems as far back as October 2013, and DHS warns that it “has likely infected many victims who are unaware that they have been compromised.” “Backoff” allows cybercriminals to remotely exfiltrate consumer credit card information by exploiting [...]

U.S. Treasury Secretary Lew Emphasizes Cyber-Risks for Financial Institutions

In remarks delivered earlier this month, U.S. Treasury Secretary Jacob Lew highlighted the dangers of “cyber intrusions” to financial institutions. Secretary Lew cited more than 250 cyber attacks against U.S. banks and credit unions since 2011, as well as recent hacks and credit card thefts against major retailers. “Cyber attacks on our financial system represent a real threat to our economic and national security,” said Secretary Lew. To combat cyber attacks, Secretary Lew recommended that financial institutions adopt the NIST Cybersecurity Framework, stating that “every [...]

Kim Peretti and Jessica Corley co-author Bloomberg BNA article on Director Liability for Cybersecurity

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, co-authored with Jessica Corley, chair of the firm’s Securities Litigation Group, the Bloomberg BNA article, “Cybersecurity: What Directors Need to Know in an Era of Increased Scrutiny.” In the article, Peretti and Corley discuss the cybersecurity issues that directors and officers face due to the fact that most companies’ assets are stored digitally and, therefore, at risk of cyberattacks. Because of these risks, well-designed policies and procedures to ensure data security are crucial [...]