By Tom Hagy
Did someone order another cautionary tale about data security? The Associated Press responded quickly last week to a bogus AP tweet apparently sent out by hackers with the Syrian Electronic Army (S.E.A.) announcing a bomb attack on the White House. News of the fictitious event sent U.S. markets into a dive. “Pure chaos” was reported on the trading floor of the New York Stock Exchange. The S.E.A. reportedly is sympathetic to Syrian President Bashar Assad — a man with his own set of problems — and has apparently hacked the accounts of other respected news outlets, including NPR, the BBC and CBS. News reports say Twitter is taking steps to beef up its account-authentication protocols.
Unfortunately, experts say, this is not an uncommon occurrence. “This is something we see organizations face daily in many sectors. These events lead to costly insurance claims that our worldwide insurance partners — those who insure against cyber liability risk — see regularly now,” said Mark Greisiger, a cyber risk analyst and president of leading risk assessment and mitigation company NetDiligence®.
The 2013 Verizon Data Breach Investigations Report — an annual must-read in the data world — said that 76% of hacks are made possible by weak or stolen credentials, that 96% of them come from “outsiders,” and that 20% are “state affiliated.” Verizon has analyzed 621 confirmed breaches and 47,000 “security incidents.”
Al Saikali is a privacy and data security attorney with Shook Hardy & Bacon, and author of the Data Security Law Journal. Saikali told HB that “when it comes to cyber threats, we’re all learning how to operate in an already compromised environment. There’s no way to prevent all attacks; you can only minimize the risks and incorporate them into the cost of doing business in the 21st century.”
He added that the SEC recently decided to allow companies to make corporate disclosures via social media like Twitter. “I heard analysts call for the SEC to re-examine that policy,” he said. “While it is important to make sure that companies are making their public disclosures securely, I also hope that we don’t start to regress in our use of technology based on hysteria and a handful of public incidents.”
Greisiger told HB that companies need to expect the unexpected. “This [AP hack] is a reminder that cyber liability risk will often surface in unique ways — from malicious exploits to very common, innocent mistakes by staff, partners or service providers that are in the care, custody and control of information residing on porous networks.”
It also is a reminder of the price tag that comes with breaches. “A leak of private data or a breach of corporate intellectual property can impact the profits and reputations that risk managers are tasked to protect. Anemic information security and privacy practices that fall short of ‘reasonable’ can lead to expensive class actions and aggressive state and federal enforcement actions,” Greisiger said.
These and many other aspects of cyber risk and privacy liability will be addressed by leading experts during the annual NetDiligence Cyber Risk & Privacy Liability Forum, which will take place June 6 and 7 at the historic Hyatt Bellevue Hotel in Philadelphia. HB’s Tom Hagy, producer of the event, says there has been a strong buzz about this conference, as well as its sister program scheduled for October 10 and 11 in Marina del Rey, Calif. For more information, write to us at Info@LitigationConferences.com.