Chattinn Cyber


Chattinn Cyber is a podcast that focuses on how companies can quantify and qualify the cost of a data breach. It features some of the most well-respected privacy and cyber experts in the world. Join the conversation with business leaders, government agencies, and cyber risk experts to learn how and why they got into cyber risk and to explore a rapidly changing threat landscape that affects us all, domestically as well as abroad.

Marc Schein

New York, NY


    • Latest episode: May 28, 2025
    • New episodes: monthly
    • Average duration: 19m
    • 81 episodes



    Latest episodes from Chattinn Cyber

    Point. Click. Hack: Snehal Antani on the Future of Autonomous Cybersecurity

    May 28, 2025 (23:33)


    Summary

    In this insightful episode, Marc Schein interviews Snehal Antani, the CEO and co-founder of Horizon3.ai, about his entrepreneurial journey, the evolution of his company, and the future of cybersecurity. Snehal shares how Horizon3.ai grew from a handful of engineers working in a basement to a cutting-edge firm revolutionizing autonomous penetration testing. He walks listeners through the different startup phases, emphasizing how critical it is to develop a repeatable sales process, retain customers, and build operational excellence at scale.

    Snehal discusses the complex challenge of preserving organizational culture during rapid growth, highlighting mistakes made during their first hyper-growth phase and the importance of investing in strong, well-indoctrinated management. He explains how a thoughtful approach to onboarding managers as cultural ambassadors ultimately led to a more stable, scalable team. He offers a candid perspective on venture funding—detailing both the pitfalls of dealing with inexperienced investors and the value of bringing on seasoned operators as board mentors. Snehal draws on his experience with crises, including the collapse of Silicon Valley Bank and the loss of his father, to underline the importance of developing "muscle memory" within leadership teams. He compares this to special operations units, where preparation and planning allow for excellence under pressure.

    The episode shifts into technical terrain with a compelling explanation of autonomous penetration testing. Snehal shares how Horizon3.ai developed a system capable of autonomously discovering vulnerabilities and compromising environments without human input—essentially transforming cyber warfare into an algorithmic domain. He compares pen testing to chess, where well-defined opening and closing moves are followed by dynamic midgames.

    Finally, Snehal forecasts a future in which cyberattacks will be AI-powered and nearly instantaneous. He warns that most current defensive tools are designed for human-centered responses, which will soon be obsolete. As evidence, he cites Horizon3.ai's autonomous agent compromising a bank in under five minutes—twice as fast as the previous year. He predicts the first DeepSeek-enabled cyberattack within 90 days, calling it a wake-up call for the industry.

    Key Points

    • Startup Phases: Snehal outlines the four key startup phases: building value, repeatable sales, scaling operations, and achieving operational excellence.
    • Culture During Hypergrowth: The key to scaling culture is hiring the right management and giving them time to assimilate before they scale their teams.
    • Autonomous Pen Testing: Horizon3.ai's agent can autonomously discover and exploit vulnerabilities without human involvement.
    • Crisis Leadership: True leadership is tested during crises; muscle memory and planning are essential for executive teams.
    • AI-Powered Cyber Threats: Snehal predicts that the next wave of cyberattacks will be powered by open-weight AI models capable of adaptive exploitation.

    Key Quotes

    • "You want to build that muscle memory as a CEO as early as possible… so you can stack excellence upon excellence."
    • "PowerPoint is cheap. YouTube videos are cheap. Let our results do the talking."
    • "My primary competitor is mediocre consultants."
    • "Every defensive tool in the market today is designed for humans at the center—and every one of them will be rendered obsolete."
    • "The future of cyber warfare will be algorithms versus algorithms, and humans by exception."

    About Our Guest

    Snehal Antani is the CEO and co-founder of Horizon3.ai, a pioneering cybersecurity company that leverages artificial intelligence to autonomously conduct penetration testing. Before founding Horizon3, Snehal served as the first Chief Technology Officer for the Joint Special Operations Command (JSOC), where he was instrumental in leading initiatives in data analytics, cloud/edge computing,

    Beyond MFA: How Deepfakes Are Hacking Humans

    May 6, 2025 (12:10)


    Summary

    On this episode of Chattinn Cyber, Marc is chattin' with Aaron Painter, a seasoned enterprise tech executive with years at Microsoft and experience leading operations in China and the UK, who shares the origin story of his company, Nametag. After observing the rise in identity theft among friends and family, Aaron was struck by how outdated and vulnerable identity verification processes had become—especially the ease with which attackers could answer common security questions using publicly available data.

    The conversation turns to the evolution of cyber threats, particularly social engineering and deepfake-enabled attacks. Painter outlines a disturbing trend where attackers bypass even sophisticated technological protections like multi-factor authentication (MFA) by exploiting weak points in human processes, such as IT help desks. One example he highlights is the MGM breach, where a phone-based social engineering tactic led to significant damage. Painter emphasizes that many organizations' defenses rely on trust in video verification—such as Zoom or Teams calls—but that these platforms are now susceptible to real-time deepfake emulation. Attackers can impersonate employees or candidates using advanced visual spoofing tools, bypassing traditional verification methods and gaining access to critical systems.

    To address these vulnerabilities, Nametag offers a mobile-first identity verification solution that leverages smartphone cryptography and biometric tools to take three-dimensional selfies and securely scan IDs. This process ensures stronger identity proofing, even under conditions that would normally be vulnerable to deepfake deception or impersonation.

    The episode concludes with Painter warning HR professionals about the increasing threat of hiring fraud—where bad actors impersonate real candidates using deepfakes. He advises that companies don't need to replace existing systems like Workday or Okta but should instead implement layered solutions that complement current infrastructure and close critical security gaps.

    Key Points

    • Cybersecurity Gaps Are Human, Not Just Technical: Despite widespread use of MFA, social engineering attacks targeting help desk personnel remain a primary threat vector.
    • Deepfakes Are Evolving Rapidly: Attackers increasingly use deepfake technologies to impersonate employees or job applicants on video calls, rendering basic visual verification untrustworthy.
    • Nametag's Mobile-First Approach: Nametag strengthens identity verification by using mobile devices' cryptographic and biometric capabilities to combat real-time deepfake impersonation.
    • Hiring Fraud Is a Growing Threat: Criminals, sometimes state-sponsored, use deepfake tools to impersonate legitimate job candidates, gain access to internal systems, and cause serious security breaches.
    • Enterprise Integration Over Replacement: Painter advocates for bolting on new security layers rather than replacing entire systems—filling in gaps while preserving operational continuity.

    Key Quotes

    • “All you have to do is call and pretend to be the account holder and say you were locked out. Then there's a clear vulnerability. And that vulnerability is a social one or human one.”
    • “The platforms weren't really built to prevent against deepfakes… You've got that person showing up completely different on the video call.”
    • “95% of the background check providers do it with a Social Security number and no identity verification.”
    • “We invented the same concept of scan your ID and take a selfie—but we do it exclusively on mobile.”
    • “I knew identity verification was a hot area. I had no idea it would be this hot.”

    About Our Guest

    Aaron Painter is the visionary CEO of Nametag Inc., the pioneering identity verification platform dedicated to protecting users from impersonators and AI-generated deepfakes. With a mission to enhance online authenticity and foster trusted relationships,

    The Currency of Trust: Navigating CMMC with Mark Jackolski

    Apr 22, 2025 (9:09)


    Summary

    In this episode of Chattinn Cyber, cybersecurity expert Mark Jackolski, Director of Risk and Compliance at Show Proof, shares his journey from Long Island technician to national leader in cyber compliance. With a foundation in information systems from Stony Brook University, Mark discusses how his passion for technology evolved into a career focused on helping organizations meet rising cybersecurity standards.

    The heart of the conversation is the Cybersecurity Maturity Model Certification (CMMC), a framework initiated by the Department of Defense to ensure that contractors protect controlled unclassified information. Mark explains that while compliance with NIST 800-171 has been required since 2017, CMMC introduces verification—organizations must now demonstrate their cybersecurity posture through third-party assessments to remain eligible for federal contracts. Beyond meeting DoD requirements, Mark describes how CMMC builds reputational credibility, calling it “the currency of trust.” He emphasizes the strategic advantage of showing compliance through a recognized badge rather than repeated explanations, which streamlines the contracting process and establishes confidence with partners and clients.

    When asked how organizations should begin preparing, Mark advises starting with people: appointing a program leader, engaging executive buy-in, and mapping where sensitive data flows. He warns against relying on underqualified partners and stresses the importance of assessing technical, administrative, and physical requirements early. Missteps—like poor documentation or unclear scoping—can lead to wasted time and resources.

    Finally, Mark highlights the growing relevance of CMMC beyond the DoD. New regulations aim to standardize data protection across all federal agencies, meaning businesses even tangentially involved in government work may soon fall under its scope. As CMMC requirements become embedded in contracts by summer 2025, organizations that prepare now will gain a competitive edge in the expanding defense and government market.

    5 Key Points

    • CMMC Explained: The Cybersecurity Maturity Model Certification verifies that organizations working with the Department of Defense meet NIST 800-171 cybersecurity standards.
    • Strategic Advantage: Earning CMMC builds trust and provides a significant edge in securing government contracts by signaling a strong cybersecurity posture.
    • Preparation Starts with People: A successful CMMC journey begins by appointing accountable personnel, securing executive alignment, and clearly mapping the flow of controlled unclassified information (CUI).
    • Pitfalls and Guidance: Common mistakes include working with unqualified providers and underestimating documentation requirements. Mark recommends finding certified experts through the Cyber AB marketplace.
    • Growing Scope: CMMC will expand beyond the DoD to other government agencies, making early adoption a strategic move even for subcontractors or non-defense contractors.

    5 Key Quotes

    • “It's the currency of trust.” – Mark on how CMMC serves as a reputation badge in the defense industry.
    • “Start by appointing somebody to oversee the entire process.” – On the critical role of leadership in compliance efforts.
    • “Documentation is key—not just technical controls, but the processes and people behind them.”
    • “If you're going to develop a policy or some other procedure, there has to be buy-in from the organization.”
    • “CMMC started with the DoD, but it's going to expand to other government agencies. This is just the beginning.”

    About Our Guest

    Mark Jackolski is a creative and team-oriented cybersecurity professional with a deep-seated passion for technology. He specializes in assisting small to medium-sized businesses in enhancing their security posture and achieving compliance with industry standards. With a persistent drive to deliver exceptional results, Mark offers strategic virtual Chief Information...

    Navigating Cybersecurity Contracts: Insights from Ken Rashbaum

    Feb 11, 2025 (20:11)


    Summary

    In this episode of Chattinn Cyber, Marc Schein welcomes back Ken Rashbaum, a partner at Barton LLP and a professor at Fordham Law School. Ken, a well-respected privacy attorney, shares his journey from being a trial lawyer and prosecutor to becoming a leading figure in data protection and cybersecurity. He discusses how his early work in healthcare law, particularly with the introduction of HIPAA, paved the way for his focus on privacy and cybersecurity on a global scale.

    Their chat shifts to the current landscape of data protection regulations in the U.S. Ken explains the fragmented nature of these laws, which primarily exist at the state level, with only limited federal regulations in healthcare and children's information. He expresses skepticism about significant changes in federal regulation following the recent presidential election, highlighting the philosophical divide between the two major political parties regarding privacy legislation. Ken emphasizes that voters are increasingly concerned about the privacy and security of their personal information, which complicates the regulatory landscape.

    Marc and Ken then delve into the importance of cybersecurity provisions in contracts, particularly for midsize businesses. Ken argues that simply stating compliance with applicable laws is insufficient due to the evolving nature of cybersecurity regulations. He advocates for more detailed cybersecurity requirements in contracts to provide clarity and certainty for all parties involved. Ken also addresses the challenges small and mid-sized businesses face when negotiating contracts with larger corporations, suggesting that they assess risks and consider mitigation strategies, such as implementing multi-factor authentication.

    The discussion also touches on the implications of the General Data Protection Regulation (GDPR) for businesses that may not operate in Europe but have customers there. Ken advises that companies should be aware of their obligations under GDPR if they market to EU residents, as the global nature of the internet makes it difficult to avoid these regulations. He stresses the importance of transparency and understanding the data protection implications of using artificial intelligence in business agreements, given the rapid development of AI technology.

    Finally, Ken highlights the need for continuous learning in the field of cybersecurity and data protection, urging professionals to stay updated on current changes and adapt to the evolving needs of businesses. He concludes by encouraging open communication and collaboration between legal advisors and businesses to ensure that contracts are tailored to meet the specific needs and risks of each party. The episode wraps up with Ken sharing his contact information and resources for listeners seeking further guidance on these critical issues.

    Key Points

    • Fragmented Data Protection Regulations: Ken explains the current state of data protection laws in the U.S., highlighting the lack of comprehensive federal regulations outside of healthcare and children's information. He notes that most regulations exist at the state level, leading to a complex and inconsistent legal landscape.
    • Importance of Detailed Cybersecurity Provisions in Contracts: The conversation emphasizes that simply stating compliance with applicable laws in contracts is insufficient. Ken advocates for including specific cybersecurity requirements to provide clarity and certainty for all parties involved, especially given the evolving nature of cybersecurity regulations.
    • Challenges for Midsize Businesses: Ken discusses the difficulties that small and midsize businesses face when negotiating contracts with larger corporations. He suggests that these businesses assess their risks and consider mitigation strategies, such as implementing cybersecurity measures like multi-factor authentication.
    • Implications of GDPR: The podcast addresses the relevance of the General Data...

    Navigating Cyber Threats: Insights from New York’s Cybersecurity Advisory Board

    Dec 10, 2024


    Summary

    In this episode of Chattinn Cyber, Marc Schein is chattin' with Jeremy Shockett, a prominent figure in cybersecurity and former co-chair of the New York State Cyber Security Advisory Board. Marc introduces Jeremy, emphasizing his extensive background, including his previous role as a prosecutor. This introduction sets the stage for a discussion centered on cybersecurity practices, particularly the significance of tabletop and red team exercises in enhancing organizational preparedness against cyber threats.

    Jeremy shares his professional journey, detailing his transition from a 24-year career as a prosecutor to his appointment by the governor of New York as the deputy secretary for public safety, where he oversees cybersecurity initiatives. He elaborates on the role of the New York State Cyber Security Advisory Board, which comprises leaders from both public and private sectors. This board advises the governor on cybersecurity policies and plays a crucial role in responding to real-time threats, highlighting the collaborative effort required to address cybersecurity challenges effectively.

    The discussion then delves into the differences between tabletop exercises and red team exercises. Jeremy explains that tabletop exercises are hypothetical scenarios where participants discuss responses to simulated threats, helping organizations identify decision-making processes and vulnerabilities. In contrast, red team exercises involve actual simulated attacks conducted by hired experts to test an organization's defenses in real time. This distinction underscores the unique purposes and methodologies of each exercise type, emphasizing their importance in a comprehensive cybersecurity strategy.

    Jeremy offers practical recommendations for conducting these exercises, advising organizations to start with tabletop exercises to establish decision-making frameworks and identify vulnerabilities before progressing to red team exercises. He outlines key takeaways from both types of exercises, such as understanding strategic decision-making, clarifying roles and responsibilities, and evaluating communication strategies. For red team exercises, he highlights the importance of identifying specific vulnerabilities and assessing the effectiveness of social engineering defenses, providing valuable insights for organizations looking to strengthen their cybersecurity posture.

    The conversation concludes with Jeremy sharing a memorable experience from a tabletop exercise where he played the role of the governor. He emphasizes the importance of asking critical questions that challenge the status quo and drive effective responses to threats. Reflecting on his career transition from Miami to New York, Jeremy expresses gratitude for the opportunities he has encountered, reinforcing the value of preparedness and collaboration in the ever-evolving field of cybersecurity.

    Key Points

    • Importance of Preparedness: The discussion emphasizes the necessity of conducting both tabletop and red team exercises to prepare organizations for potential cyber threats. These exercises help identify vulnerabilities and establish effective response strategies.
    • Differences Between Exercise Types: Jeremy clearly distinguishes between tabletop exercises, which are discussion-based and focus on hypothetical scenarios, and red team exercises, which involve real-time simulated attacks. Understanding these differences is crucial for organizations to implement effective cybersecurity training.
    • Sequential Approach to Exercises: Jeremy recommends that organizations conduct tabletop exercises first to develop decision-making processes and identify weaknesses before moving on to red team exercises. This sequential approach enhances the effectiveness of the overall cybersecurity strategy.
    • Key Takeaways from Exercises: The conversation highlights critical insights gained from both types of exercises, such as understanding roles and responsibilities,

    Unmasking Cyber Threats: The Rise of Spoofing and Phishing with Gideon Hazam

    Nov 13, 2024 (10:36)


    Summary

    In this episode of Chattinn Cyber, Marc Schein is chattin' with Gideon Hazam, a renowned expert in spoofing. The discussion revolves around the challenges faced by organizations in detecting and protecting against phishing attacks on their brands. Gideon explains that his company spent six months meeting with Chief Information Security Officers (CISOs) from various industries to understand their main challenges related to phishing attacks. They identified three major challenges: detecting phishing attacks quickly, identifying the users exposed to these attacks, and finding ways to protect them. To address these challenges, Gideon's company developed a platform that has gained popularity and is now being implemented across sectors and organizations worldwide. The platform helps organizations detect phishing attacks on their customers quickly, identify the users at risk, and implement measures to protect them.

    He then goes on to explain the connection between spoofing and phishing. Phishing is the platform used to conduct a cyber takeover, where attackers create fake websites to harvest credentials or steal money. Spoofing, on the other hand, is the technique used to generate these phishing attacks. It involves using spoofing tools to create fake websites or clone existing ones.

    The conversation then delves into the susceptibility of different industries to spoofing attacks. Gideon explains that any organization with an online presence and customer interaction is a potential target for hackers. However, industries related to finance and money are particularly vulnerable due to the potential for financial manipulation and theft.

    The discussion also touches upon the lifecycle of a phishing attack. It starts with building the phishing site, which is then detected and ideally taken down. However, the exposure window remains until the site is successfully removed. Even after takedown, the harvested credentials can still be exploited, posing a continued threat to organizations.

    Gideon predicts that spoofing attacks will become more prevalent in the corporate world due to the increasing reliance on online activities and the availability of numerous spoofing tools in the market. He emphasizes the need for authentication solutions to ensure users are visiting legitimate websites and not falling victim to imposter sites. The conversation provides valuable insights into the challenges posed by spoofing and phishing attacks, the connection between the two, and the need for robust authentication measures to protect against these threats. The discussion highlights the importance of detecting attacks quickly, identifying at-risk users, and implementing effective protection measures to safeguard organizations and their customers.

    Key Points

    • Organizations face three major challenges when it comes to phishing attacks on their brands: detecting attacks quickly, identifying exposed users, and protecting them.
    • Spoofing is the technique used to generate phishing attacks, where attackers create fake websites or clone existing ones.
    • Any organization with an online presence and customer interaction is a potential target for spoofing attacks, with industries related to finance being particularly vulnerable.
    • The lifecycle of a phishing attack involves building the phishing site, detecting it, and ideally taking it down. However, even after takedown, the harvested credentials can still be exploited.
    • The prevalence of spoofing attacks is expected to increase due to the growing reliance on online activities and the availability of easy-to-use spoofing tools in the market.

    Key Quotes

    • "Phishing is basically the platform to conduct a counter takeover in one hand. I will build a phishing site in order to harvest as many credentials as possible of anyone. And secondly, I can use phishing to steal money. Simple as that."
    • "The interesting part is that any firm, any organization that has online presence,

    Promises and Pitfalls: The Intersection of AI and Insurance with Marshall Gilinsky

    Oct 29, 2024 (13:04)


    Summary

    In this episode of Chattinn Cyber, Marc Schein is chattin' with Marshall Gilinsky, a partner at Anderson Kill, PC, focusing on the impact of artificial intelligence across various industries, particularly in insurance. Marshall shares his background and explains how his interest in AI developed over time. He expresses his fascination with the technology, emphasizing its potential benefits and risks. Marshall believes that AI has the capacity to revolutionize numerous tasks and industries, but he also stresses the importance of understanding and regulating AI to ensure its safe and productive use.

    The discussion then shifts to instances of AI misuse, where Marshall recounts a case involving a lawyer who relied solely on AI to draft legal briefs. This reliance led to significant failures and embarrassment for the lawyer, highlighting the need for caution and responsible use of AI to prevent similar mishaps in the future.

    Marc inquires about the implications of AI for the insurance industry and seeks advice for policyholders. Marshall explains that while AI is a powerful new tool, it can both enhance and harm insurance operations. He notes that current insurance policies lack specific provisions for AI-related claims, advising policyholders to remain vigilant about potential risks associated with AI technologies.

    The conversation progresses to the topic of AI regulations and future predictions. Marshall discusses the ongoing efforts by regulators to understand and ensure the safe development of AI. He emphasizes the necessity of balancing business interests with the protection of policyholders and investors. Although he acknowledges the challenges in making accurate predictions about AI's future, he remains hopeful for conscientious engineering practices that prioritize safety and responsibility.

    In closing, Marc thanks Marshall for his valuable insights and expresses interest in continuing the dialogue. Marshall appreciates the opportunity to discuss AI and mentions his ongoing learning and exploration in this rapidly evolving field. Overall, the episode underscores the importance of understanding and managing the risks and benefits associated with AI, particularly within the insurance sector.

    Key Points

    • Fascination with AI: Marshall expresses a deep interest in AI, highlighting its transformative potential across various industries. He emphasizes the need to understand both the benefits and risks associated with AI technologies.
    • Cases of Misuse: The discussion includes real-world examples of AI misuse, such as a lawyer who relied solely on AI for drafting legal briefs, which resulted in failure. This underscores the importance of caution and responsible use of AI.
    • Impact on Insurance: AI is described as a double-edged sword in the insurance industry. While it can enhance operations, it also poses risks. Marshall notes that current insurance policies often lack specific provisions for AI-related claims, urging policyholders to be aware of these potential risks.
    • Need for Regulation: The conversation highlights the ongoing efforts by regulators to understand AI and ensure its safe development. Marshall stresses the importance of balancing business interests with the protection of policyholders and investors.
    • Challenges in Prediction: Marshall acknowledges the difficulty in making accurate predictions about the future of AI. However, he expresses hope for responsible engineering practices that prioritize safety and ethical considerations.
    • Continuous Learning: Ongoing education and exploration in the field of AI is important and reflects the rapidly evolving nature of the technology and its implications.
    • Responsible Use: The conversation reinforces the need for a cautious approach to AI, advocating for responsible use to mitigate risks and maximize benefits in various applications, particularly in sensitive areas like insurance.

    Key Quotes

    • On Fascination with AI: "The potential for benefits to society from...

    Navigating the Cyber Landscape: Insights from Christiaan Durdaller

    Oct 15, 2024 (19:51)


    Summary

    In this episode, Marc Schein is chattin' with Christiaan Durdaller, a cyber expert and founder of an innovative wholesale brokerage in the cyber market. Christiaan chats about his journey into the cyber industry, highlighting the rise of cyber awareness in recent years due to high-profile data breaches.

    Christiaan explains the difference between retail brokers and wholesale brokers. Retail brokers work directly with clients, while wholesale brokers partner with retail brokers to provide market access and expertise. Christiaan emphasizes the importance of collaboration and problem-solving in the wholesale brokerage industry.

    The conversation then shifts to the success of Christiaan's brokerage, which has consistently won awards in the cyber community. Christiaan attributes this success to the firm's dedication to product development, innovation, and expertise in cyber insurance claims. The chat also touches on a major merger that Christiaan's brokerage is undergoing. Christiaan explains that the merger aims to combine the best aspects of both companies and create a unified team with a focus on collaboration and providing the best resources and services to clients.

    Christiaan discusses some unique products offered by his brokerage, including a cyber access facility and a crime 360 facility. These products address specific risks in the marketplace and provide clients with broader coverage and higher limits.

    The chat concludes with a discussion on the current state of the cyber insurance market. Christiaan notes that the market is currently in a softening phase, with renewal rates decreasing and coverage broadening. However, he also highlights the rising attritional losses, non-breach privacy litigation, and the impact of systemic risks on the market. Overall, this episode provides insights into Christiaan Durdaller's journey in the cyber industry, the success of his brokerage, and the current trends and challenges in the cyber insurance market.

    Key Quotes

    • “I was working at a law firm at the time, personal lines, insurance, defense, and looked at Cyber and said, this is interesting. This is something worth investing in. Not a lot of people are investing in it today. It's a Fortune 50, Fortune 100 product, generally speaking. Let's figure out a way to create change. It was really exciting for me and it's been exciting since.”
    • “There are a lot of folks out there with claims experts and talent, but very few that have the expertise of a cyber dedicated wholesale broken claims unit. It's something we're super proud of.”
    • “We want to make larger limits available to them and make it available to them quick. We've got a lot of clients out there, as an example, who are in a class of business who can only procure 2 million or 3 million on a primary basis in limits. And you know, we've got to get support for them to build what their contracts require, to build what the risk models are saying that they should carry.”
    • “Change is coming … It's only a matter of time.”

    Key Takeaways

    • Importance of Collaboration in Wholesale Brokerage. Christiaan emphasizes the importance of collaboration between wholesale brokers and retail brokers to provide market access, expertise, and solutions to clients. This collaborative approach helps address the specific needs of clients in the cyber insurance market.
    • Merger and Unified Team. The merger discussed in the conversation aims to combine the strengths of two companies and create a unified team. This unified team will focus on collaboration, providing the best resources, and delivering consistent services to clients.
    • Market Trends and Challenges. The conversation touches upon the current state of the cyber insurance market, including the softening market conditions, broadening coverage, rising attritional losses, and the impact of systemic risks. These trends pose challenges and opportunities for insurers and require adaptation and innovation in product offerings and risk manageme...

    Privacy vs. Security: Navigating the Challenges of Cyber Risk with Ben Goodman

    Play Episode Listen Later Sep 11, 2024 13:35


    Summary

    In this episode of Chattinn Cyber, Marc Schein is chattin' with Ben Goodman, the founder and CEO of CyRisk, about the evolution of cybersecurity and the growing concern of privacy in the industry. Ben shares his background in technology and his experience working with companies to improve their security and compliance. They discuss the increasing importance of privacy in the cyber risk landscape, with privacy settlements surpassing security settlements in recent years. Ben emphasizes the need for organizations to focus on pre-incident planning, training, and preparation to mitigate privacy risks effectively.

    When discussing how carriers are handling privacy risks, he notes that carriers are still figuring out how to underwrite the risk in a soft market. He highlights the challenge of carriers not having access to comprehensive data and organizations themselves often being unaware of their own exposures. He suggests that carriers should focus on differentiating themselves and finding ways to underwrite privacy risks effectively. They also touch on the different industries and technologies that are more susceptible to privacy exposures. Regulated industries, such as healthcare, are under scrutiny and face regulatory actions and fines. Advertising and marketing technologies also pose significant risks, and organizations should take steps to mitigate these risks.

    Ben explains how CyRisk helps policyholders with privacy issues through their platform. They offer real-time detection of exposures, analysis of policyholders' active policies for compliance, and detailed reports with recommendations. CyRisk's privacy attorneys contribute to building out the platform and offering solid advice to policyholders. Looking ahead, Ben predicts that privacy risks will continue to be a significant issue. He mentions the increasing use of micro-targeting AI and the potential challenges it poses in terms of privacy and bias. Governments and regulators will need to keep up with these developments to protect individuals' privacy. Overall, the interview covers various aspects of privacy risks in the cyber risk landscape and provides insights into how organizations and carriers can address these challenges.

    Key Takeaways

    Privacy is becoming a major concern in the cyber risk landscape, with privacy settlements surpassing security settlements. Organizations need to prioritize pre-incident planning, training, and preparation to effectively mitigate privacy risks.

    Carriers are still grappling with how to underwrite privacy risks in a soft market. Differentiation is challenging, and the lack of comprehensive data and organizations' limited awareness of their own exposures pose difficulties.

    Certain industries, such as healthcare, are under scrutiny and face regulatory actions and fines due to privacy breaches. Advertising and marketing technologies also present significant risks that organizations should address.

    CyRisk offers a platform that helps policyholders with privacy issues. It provides real-time detection of exposures, compliance analysis of active policies, and detailed reports with recommendations. Privacy attorneys contribute to the platform, offering solid advice to policyholders.

    The use of micro-targeting AI poses challenges in terms of privacy and bias. Governments and regulators will need to keep up with these developments to protect individuals' privacy. Privacy risks are expected to remain a significant issue in the future.

    Key Quotes

    "The confluence of privacy risk in cyber insurance and the associated cyber risk... there's the data leakage part of it, there's real data breach exposure with this privacy risk."

    "Last year, 2022 privacy settlements actually exceeded security settlements by about 180 million."

    "The more that organizations could do from a pre-incident perspective, from a planning and training and preparation, I think the better off they are."

    Navigating Ransomware and Cybersecurity: Insights from Cryptocurrency Expert John Morrissey

    Play Episode Listen Later Jul 31, 2024 8:53


    Summary

    In this episode of Chattinn Cyber, Marc Schein chats with John Morrissey, Cryptocurrency Operating Compliance Director for Arete, focusing on various aspects of the cryptocurrency industry and the challenges associated with ransomware attacks. John explains how he ended up in his current role, combining his cybersecurity background with his passion for trading and investing. He discusses the volatility of the cryptocurrency market and the impact it has on ransom demands. He also highlights the increasing scrutiny and compliance requirements imposed by organizations like OFAC when it comes to making ransom payments. John emphasizes the importance of taking cybersecurity seriously and investing in the right tools and processes to protect organizations from cyber threats.

    John shares the story of how he became the Cryptocurrency Operating Compliance Director for Arete. He mentions that he met Joe Mann, the founder of Arete, while working in the Virginia DC area. John became Arete's first client when he ran a DFIR (Digital Forensics and Incident Response) services organization. With his background in cybersecurity and his passion for trading and investing, John found a perfect fit in his current role, where he manages crypto relationships and helps clients navigate the complexities of the market.

    The conversation then shifts to the concept of crypto puzzles and the volatility of the cryptocurrency market. John explains that crypto is the most volatile asset in the world, and its value can fluctuate significantly in response to market conditions. He gives an example of how Bitcoin's value dropped from $69,000 to $16,000 during a market crash. John highlights the challenges of working with a new industry that lacks regulation and dealing with assets that are highly volatile. He emphasizes the need to understand how all these factors fit together.

    The discussion then turns to ransomware attacks and the changing demands of adversaries. John mentions that during previous market crashes, ransom demands were often made in Bitcoin. However, after the crash, there has been a shift towards demanding cash instead of Bitcoin. He notes that the ransoms are increasing year over year, with some groups demanding even higher amounts. John also mentions the increasing scrutiny and compliance requirements imposed by organizations like OFAC (Office of Foreign Assets Control) when it comes to making ransom payments. He explains the steps Arete takes to ensure compliance, including analyzing threat actor wallets, conducting blockchain analysis, and verifying the absence of sanctions.

    Marc asks John how Arete can help in situations involving ransomware attacks. John explains that Arete is a full-service organization specializing in digital forensics and incident response (DFIR). They offer assistance from the moment a hack is discovered, providing a 24/7 phone number and email for immediate response. Arete's team helps clients through the entire process, from triage to recovery, and even offers guidance on planning and prevention. If necessary, Arete can also assist with the process of making ransom payments.

    In conclusion, the conversation between Marc Schein and John covers various aspects of the cryptocurrency industry and the challenges associated with ransomware attacks. John shares his background and how he ended up in his current role. He discusses the volatility of the cryptocurrency market and the impact it has on ransom demands. He also highlights the increasing scrutiny and compliance requirements imposed by organizations like OFAC. John emphasizes the importance of taking cybersecurity seriously and investing in the right tools and processes to protect organizations from cyber threats. Arete's role in assisting clients with ransomware attacks is also discussed, highlighting their full-service approach and expertise in digital forensics and incident response.

    Key Takeaways

    Optimizing IT Asset Management for Cybersecurity: Collaboration and Compliance with Jeremy Boerger

    Play Episode Listen Later Jul 31, 2024 9:47


    Summary

    In this episode Marc Schein is chattin' with Jeremy Boerger, an IT Asset Management (ITAM) expert. Jeremy recounts his entry into ITAM during the Y2K era, where he was tasked with managing compliance systems for a manufacturing firm. This experience sparked his interest in ITAM, which revolves around optimizing an organization's hardware and software investments for maximum value. He emphasizes ITAM's focus on cost-consciousness and usability, highlighting its role in efficient product and service utilization.

    The discussion dives deeper into the essence of ITAM, explaining its significance in the cybersecurity realm. Jeremy stresses the importance of collaboration between ITAM and cybersecurity teams, citing industry standards like those recommended by NIST and the Department of Defense. He suggests that ITAM's asset management functions, such as inventory tracking and usage monitoring, are integral to bolstering organizational security measures. Jeremy acknowledges the historical challenges in establishing ITAM best practices but mentions ISO/IEC 19770 as a leading framework. He also links ITAM's principles to new cybersecurity regulations, particularly those proposed by the SEC. These regulations emphasize managing end-of-life assets, data disposal, and leveraging returns from decommissioned hardware and software, areas where ITAM plays a crucial role.

    As the conversation wraps up, Marc and Jeremy discuss avenues for further engagement and collaboration. Jeremy directs interested parties to his website and LinkedIn profile, where he shares insights on ITAM and cybersecurity integration. The dialogue underscores the evolving landscape of ITAM, its symbiotic relationship with cybersecurity practices, and the potential for synergistic collaboration to enhance organizational resilience and security posture.

    Key Takeaways

    IT Asset Management (ITAM) helps organizations manage their hardware and software assets to get the most value and utility out of them. It helps control costs and track assets.

    ITAM and cybersecurity should work together. Knowing what devices and software are in the environment helps cybersecurity track potential threats.

    Best practices for ITAM can be found in ISO standards, ITIL, and NIST frameworks. Organizations like the ISO are bringing ITAM and cybersecurity together.

    The SEC is encouraging more asset management to track hardware, software, and data, especially at end of life. This helps control cyber risks.

    ITAM can notify cybersecurity when hardware and software changes, so they can update their threat models. Collaboration between the teams is important.

    Key Quotes

    00:51 - "If you remember back in Y2K, back at the turn of the century […] I had been brought into a small manufacturing firm to help with their Y2K results, a lot of it being swapping out old systems for compliance systems and the like."

    03:35 - "What I have seen from the other side of the fence is that cybersecurity professionals tend to look at their work in […] silo [as a] very separate activity when there's all of this wonderful data and technique and knowledge that probably doesn't get tapped into as well as it should have."

    06:09 - "Where is the hardware and software and most importantly, the data that is sitting inside that hardware and software? What do you do with it at the end of its lifecycle? And that's been typically something that cybersecurity folks don't really pay much attention to."

    06:37 - "Well, asset management is very concerned about that endgame because there's money to be had. There are services to be had. If you're not going to reuse that device or reissue those licenses, then what kind of return cash can you bring into the organization to then fund another investiture?"

    "But I also encourage folks to reach out on LinkedIn as well. We've got a very active newsletter community speak on a great length about some of the new initiatives, licensing schemes,

    Automation and AI in Cybersecurity: Enhancing Response Capabilities with Billy Gouveia

    Play Episode Listen Later Jul 31, 2024 14:05


    Summary

    In this episode of #ChattinnCyber, Billy Gouveia, the CEO of Surefire, a prominent cybersecurity firm, stops by to chat. Billy chats about quantifying the costs associated with data breaches. He shares what it was like growing up in Boston and becoming the CEO of a renowned cybersecurity company. Billy acknowledges the significance of #cybersecurity in today's world, stating that the work being done in the field will have a lasting impact on future generations. He highlights the exponential growth of the tech industry, which is enabled by cybersecurity, and emphasizes the importance of addressing issues such as IP theft and the normalization of cybercrime.

    Billy explains that he recognized structural disincentives for current market participants to embrace technology in a different way. He wanted to reframe the role of incident response experts and leverage technology to provide better outcomes for clients. By automating workflows and utilizing technology effectively, Surefire aims to provide faster outcomes, reduce costs, and make clients' lives better during cyber events.

    The conversation then delves into the role of automation and #artificialintelligence (AI) in incident response. Billy clarifies that while AI has a role to play in automation, the current focus is more on automation itself. He discusses the advancements in technology and tools for detection, containment, forensic investigations, and restoration. Billy emphasizes the importance of talent in the field and how automation can streamline processes, allowing experts to focus on guiding clients through business decisions.

    Billy tells our listeners about cybersecurity controls that provide the best return on investment (ROI). He suggests starting with endpoint detection and response capability, along with multi-factor authentication (MFA) and backups. He explains that the prioritization of controls may vary depending on the nature of the business, such as protecting intellectual property or ensuring uptime. The discussion then shifts to the challenges of MFA bypass techniques, where threat actors find ways to bypass or degrade MFA controls. Billy explains examples such as MFA fatigue and token theft, highlighting the need for multiple controls and a thoughtful approach to cybersecurity.

    In conclusion, Billy reflects on the dynamic and challenging nature of the cybersecurity domain. He emphasizes the importance of seeking guidance from experts like Marsh McLennan Agency #MMA to navigate the complexities of cybersecurity.

    Key Takeaways

    The Significance of Cybersecurity: Billy Gouveia emphasizes that cybersecurity is among the defining issues of our time, with the work being done in the field expected to impact future generations. The tech industry, enabled by cybersecurity, is a trillion-dollar industry, but it also faces challenges such as IP theft and the normalization of cybercrime.

    Reframing the Role of Incident Response: Surefire aims to reframe the role of incident response experts by leveraging technology and automation to provide better outcomes for clients. By automating workflows and utilizing tools effectively, they can provide faster responses, reduce costs, and improve clients' experiences during cyber events.

    Automation vs. Artificial Intelligence: While artificial intelligence (AI) has a role to play in automation, the current focus in incident response is more on automation itself. Automation can streamline processes and allow experts to focus on guiding clients through business decisions. AI's role in incident response is expected to grow over time.

    Prioritizing Cybersecurity Controls: When it comes to cybersecurity controls, Billy suggests starting with endpoint detection and response capability, multi-factor authentication (MFA), and backups. The prioritization of controls may vary depending on the nature of the business, such as protecting intellectual property or ensuring uptime.

    Dark Web IQ: Disrupting Cybercrime with Kevin Sherry

    Play Episode Listen Later Jun 11, 2024 22:28


    Summary

    In this episode Marc Schein is chattin' with Kevin Sherry, the founder of DarkWeb IQ, a pioneering offensive cybercrime prevention firm. Kevin shares his unconventional journey from a hedge fund trader and entrepreneur to a leader in the cyber insurance industry, eventually leading to the inception of DarkWeb IQ. Kevin's entrepreneurial spirit and proactive approach to spotting opportunities in the evolving insurance landscape laid the foundation for his innovative venture.

    Kevin details the origins of DarkWeb IQ, emphasizing his belief in the necessity for a new approach to cybersecurity. In 2020, amid the chaos of the pandemic, the cyber insurance market faced unprecedented challenges due to a surge in ransomware attacks. As market panic ensued, Kevin, leading a team at Everest, realized the need for a radical solution to protect against mounting losses. His sleepless nights and relentless pursuit of answers culminated in the idea of infiltrating and disrupting the cybercriminal supply chain, a concept that formed the core of DarkWeb IQ's mission.

    DarkWeb IQ's approach diverges from traditional defensive security measures. Instead of merely implementing preventive controls, the firm actively engages with the criminal underground to disrupt cybercrime operations. Kevin recounts how the cybercriminal ecosystem, similar to a supply chain, can be infiltrated and dismantled by targeting its vulnerable links. Despite initial assumptions that such methods were already in use, Kevin was surprised to find significant gaps in the existing threat intelligence efforts, paving the way for DarkWeb IQ's unique offensive strategy. Kevin's firm has intercepted over 800 attacks in two years, employing various methods from direct interventions to collaborations with vendors and government agencies. These interventions range from alerting companies about immediate threats to helping software vendors secure their tools against misuse. Kevin explains how his team's efforts not only protect individual clients but also contribute to broader societal benefits, such as safeguarding critical infrastructure like hospitals and water treatment facilities.

    Reflecting on lessons learned, Kevin highlights the importance of focusing on the basics of cybersecurity. Many attacks exploit simple vulnerabilities, often overlooked despite significant investments in security tools. He advocates for a pragmatic approach where companies prioritize understanding and addressing the most common attack vectors rather than being overwhelmed by compliance checklists. Kevin also stresses the value of proactive vulnerability scanning for insurers, while cautioning against the pitfalls of alert fatigue caused by overemphasis on less critical vulnerabilities.

    As the conversation concludes, Kevin expresses his pride in the public-private partnership model that DarkWeb IQ embodies, working closely with law enforcement and the insurance industry to create impactful solutions. He reflects on his journey and the collaborative spirit of their mission, looking forward to continued innovation and progress in the fight against cybercrime.

    Key Takeaways

    Kevin Sherry started DarkWeb IQ due to his frustration with the rise in ransomware attacks and wanted to find an innovative way to combat cybercrime.

    DarkWeb IQ works to infiltrate the cybercriminal ecosystem and supply chain to gain visibility into potential attacks. They intercept attacks and work with law enforcement to build cases against criminals.

    DarkWeb IQ has directly intercepted over 800 attacks in their 2 years of existence by infiltrating criminal operations.

    Most cyber attacks utilize basic methods, even though security has become very complicated. Focusing on how real-world attacks occur can improve security programs.

    Proactive vulnerability scanning by insurers provides value, but alert fatigue is a problem. Focusing alerts on key vulnerabilities that are likely to be exploited is important.

    Unleashing the Power of Blockchain: Transforming Transactions and Process Engineering

    Play Episode Listen Later Apr 30, 2024 12:30


    Summary

    In this episode of Chattinn Cyber, Marc Schein sits down to chat with Paul Dowding, co-founder and head of design at L4S Corporation, focusing on blockchain technology and its real-world applications. Paul, an authority on digital assets, begins by demystifying blockchain for novices, describing it as a distributed ledger system that eliminates reliance on central authorities for transaction validation. He explains the intricate process of trust-building within blockchain through mathematical hashing, emphasizing its potential to revolutionize peer-to-peer transactions and reduce errors.

    The dialogue delves into Paul's journey into blockchain, revealing his unique background in operational infrastructure and encryption. He recounts how his expertise in engineering and global banking operations converged, leading him to explore blockchain's capabilities and limitations. Paul's insights shed light on the challenges faced by early blockchain solutions and the development of Tapestry X, a distributed ledger designed to meet scalability, interoperability, and real-time processing needs.

    Marc and Paul explore the intersection of blockchain with AI, highlighting opportunities for algorithmic inference and auditable record-keeping within blockchain networks. They envision a future where blockchain simplifies transactions to the extent of communication protocols, ushering in an era of seamless peer-to-peer interactions. Paul underscores the potential of blockchain in diverse sectors like capital markets, supply chain management, healthcare, and identity verification, showcasing the versatility and adaptability of L4S Corporation's offerings.

    The conversation concludes with Paul extending an invitation for further engagement through LinkedIn and TapestryX.com, emphasizing the accessibility of blockchain technology for businesses and individuals alike. His closing remarks underscore the transformative nature of blockchain as a process engineering and operational control innovation, urging listeners to perceive it beyond mere technological novelty. The dialogue encapsulates the profound impact of blockchain on transactional efficiency, trust-building, and future digital economies, setting the stage for continued exploration and innovation in this dynamic field.

    Key Takeaways

    Blockchain is a distributed ledger technology that allows peer-to-peer transactions without a central authority. It uses cryptographic hashing to ensure data integrity.

    Blockchain has the potential to simplify transactions, reduce errors, and enable near real-time settlement. It could be as transformative as the internet protocol.

    Paul got involved with blockchain in 2014-2015 when enterprises were starting to explore it. He saw limitations in early solutions which led to developing Tapestry.

    There are opportunities to use blockchain to track what data AI bots have absorbed, creating an auditable record. AI could also potentially help drive what gets recorded on a blockchain.

    Tapestry is a configurable, scalable blockchain solution focused on accounting to enable real-time transactions. It is industry-agnostic and can be used for supply chain, healthcare, voting, and more.

    Key Quotes

    [00:03:10] "So there's a mathematical way to give your own ledger so that you can trust other people based on what you see, not what they present to you. And then there's a method of agreeing it across the ledger. And so this allows, rather than you transacting through central authorities, what bitcoin really showed the world was you could transact peer-to-peer, or b-to-b, without that central authority, which then means you can settle in hours, minutes, or not seconds."

    [00:06:15] "The […] origination of what became Tapestry X was going back to the basics and saying, okay, let's take the blockchain concepts, but design a distributed ledger that meets the requirements, configurability, scalability, high capacity,

    “Best Practices: How to Protect Your Business Against Bad Actors & Cyber Threat”

    Play Episode Listen Later Feb 21, 2024 17:35


    Tech-related business insurance is evolving fast, and Anthony Dolce, our guest on this episode of Chattinn Cyber, is a thought leader at the forefront. As head of Professional Liability & Cyber Underwriting at The Hartford, he brings 25 years of industry expertise to the myriad issues shaping policy development and recommended coverages for businesses – whether tech giants or third-party users of technology. Anthony explains the differences between Cyber and Tech Errors & Omissions (E&O) policies – as well as who needs which and in what combination. He also highlights for Host Marc Schein, National Co-Chair of the Cyber Center for Excellence, the confluence of factors that make tech companies such attractive targets for threat actors.

    You'll learn about the most common – and damaging – cyber liabilities out there; things like network attacks, ransomware assaults, data breaches, business interruption, data restoration costs and third-party vulnerabilities. And don't miss our guest's comprehensive list of best practices to control risk for companies of all kinds, whatever their core business. “Nothing's a silver bullet, but you can help mitigate potential exposure,” says Anthony, whose Connecticut-based career began in claims before migrating to underwriting. Find out what differentiates The Hartford's Tech E&O and Cyber insurance solutions and how their team of experts guarantees insureds the best possible outcomes when privacy breaches, data hacks or other negative events occur. (Hint: specialized expertise and preparedness are key!)

    Key Takeaways:

    Why taking a leap and moving to the business side at The Hartford was one of those pivotal choices that changed the course of Anthony's career – and all to the good!

    From claims to underwriting: How Anthony made the jump and why it has shifted his focus.

    About the collaborative, social elements that define much of the underwriter's process and goals.

    What's a Cyber Policy? If you're doing business of any kind on the internet, then you probably need some form of coverage.

    What's a Tech E&O Policy? If you're providing a tech service of some kind, then you probably need some form of coverage.

    At the intersection: A look at insurance policies that simultaneously cover exposures in the realms of both Cyber and Tech E&O.

    About the evolution of Tech E&O + Cyber and coverages required in an internet economy full of data transmittal, management and risk exposures.

    Why large technology companies are such high-value targets for threat actors eager to double-dip by accessing downstream secondary client information.

    How The Hartford differentiates itself as an established carrier with a wide array of solutions for any business eventuality: Stand-alone Tech E&O coverage. Tech E&O coverage + cyber coverage. A wide variety of mix-and-match options. Specialized tech expertise to ensure optimal insurance outcomes.

    About potential cyber liabilities unique to technology firms: Network cyber-attacks. Ransomware attacks. Data breaches (and related extortion). Business interruption. Data restoration costs. Professional/product exposure due to third-party contractual, regulatory or subrogation issues.

    Supply chain and systemic risk: A closer look at the variety of vulnerabilities passed down to companies impacted by global industry events.

    Recommended best practices to note: Perform regular software composition analyses. Deploy tools to track vulnerabilities. Undertake regular code reviews, including both static and dynamic scans. Implement regular in-house or third-party security and resiliency testing. Develop a solid IRP (Incident Response Plan). Ensure that your cyber insurance carrier is an integral part of your IRP. Stage incident response table-top exercises to align all stakeholders. Establish a roll-back plan to close vulnerabilities and limit negative events.

    “Is Your Cyber Underwriting Solid? Why You Need the Three-Legged Stool.”

    Play Episode Listen Later Jan 29, 2024 16:43


    Our guest on this episode of Chattinn Cyber is at the forefront of Insurtech innovation, deploying new approaches to cyber underwriting (with a ripple effect on traditional insurance). Peter Hedberg, VP for Cyber Underwriting at Corvus Insurance, shares with Host Marc Schein the many ways tech-enabled strategies are transforming the landscape. Says our guest: Heightened engagement among both cyber insurance brokers and policy-holders is yielding a “virtuous cycle” of better bottom-line results! Find out how brokers can help foster alignment and build trust between insurance policy purchasers (often CFOs) and their IT executives (often CIOs, CTOs). You'll also learn how Corvus offers financial incentives to those who proactively undertake risk self-assessments to reduce liability – a major plus for all concerned.

    Peter also underscores why it's so important to put in place a solid three-legged stool: Application, Exposure, Technology. When these elements are in sync, he explains, vulnerability is minimized to everyone's benefit. Find out where cyber insurers are with developments related to third-party and systemic risk (works in progress!) and how a Minneapolis-born guy who originally got licensed as a traditional insurance broker became one of the most well-respected cyber specialists out there. “The feedback we're getting from policy-holders is that we are creating an eco-system and environment that is improving their stance,” says Peter. “And I'm just really happy that as an Insurtech I can point to those numbers and that value.”

    Key Takeaways:

    Check your complementary skill sets. You may be positioned for a niche specialty!

    How does Insurtech differ from traditional insurance? The focus is on driving down losses through technology-enabled underwriting.

    The Three-Legged Stool of Underwriting: Application, Exposure and Technology. Putting the right underwriting elements together creates a profitable “virtuous cycle.”

    Insurtech adds value by generating tech-enabled approaches that drive down losses.

    Corvus Differentiator: It incents policy-holders to engage with proactive risk assessment.

    How can brokers help? By proselytizing the idea of cyber policy-holder engagement. By fostering alignment between the insured's buyer (typically a CFO) and their IT leadership (typically a CIO or CTO).

    Third-party wrongful collection of information has surged, but ramifications are still actuarially unclear and still being litigated.

    Assessing systemic risk requires nuance and working through unknown liabilities.

    On the horizon for 2024? More frontlines information about how well policy-holder controls are working to control risk.

    Key Quotes:

    “When cyber (insurance) slowly became more of a mainstream product offering they just pointed to me and said: You're the cyber guy!” - Peter (02:10)

    “The value proposition with Insurtech is just so fundamentally different from insurance.” - Peter (04:20)

    “Insurtech is leveraging technology to create a better policy-holder experience, better value and more profit left over at the end of the year.” - Peter (05:24)

    “Insurtechs have proven that they can grow really fast, but that doesn't mean they can make money.” - Peter (05:49)

    “Engagement brings dividends to you as a policy-holder. It makes you a safer policy-holder.” - Peter (09:15)

    “We in the cyber market really demanded much better controls on our policy-holders over the last couple of years and a lot of that has been delivered to us.” - Peter (14:25)

    “The feedback we're getting from policy-holders is that we are creating an eco-system and environment that is improving their stance. And I'm just really happy that as an Insurtech I can point to those numbers and that value.” - Peter (15:58)

    ABOUT OUR GUEST: With more than 15 years of insurance industry experience, Peter Hedberg is Vice President for Cyber Underwriting at Corvus Insurance.

    Cybersecurity In M&A Transactions And The Three-Layer Chocolate Cake Approach With Justin Daniels

    Play Episode Listen Later Dec 12, 2023 17:29


    In this episode of CHATTINN CYBER, Marc Schein interviews Justin Daniels, an equity partner at Baker Donelson, an Am Law 60 firm. Justin worked as a corporate M&A attorney and started doing technology work before eventually narrowing down to cybersecurity. In today's episode, he talks about cybersecurity in M&A transactions, explaining in depth his three-layer cake approach to cybersecurity in M&A and the importance of cybersecurity and privacy in all aspects of technology, from individual to business transactions. Justin begins by discussing the importance of cybersecurity and privacy for individuals and businesses, particularly in the context of smart contracts and digital wallets used in the crypto space. He emphasizes the need for individuals to shift their mindset and make intelligent choices about sharing their data. He also suggests that individuals take advantage of the privacy and security settings on their phones and consider multi-factor authentication. He then shifts to cybersecurity in M&A transactions. Justin explains his “three-layer cake” approach to cybersecurity in M&A: asking the right questions, having proper representations and warranties in the purchase agreement, and not integrating the target's network too quickly after the acquisition. He also discusses liability caps and super caps in technology contract negotiations. Overall, this conversation stresses the importance and relevance of cybersecurity in all technology business transactions today.

    Highlights:
    “You have to have a certain period where cybersecurity lasts after the closing. In fact, I make it a fundamental rep where it could last through the statute of limitations, it can get negotiated.”
    “Once you own a network, you can send in your security people and try to find any intrusions. And if you can do that, while the network is isolated, that doesn't give the threat actor the opportunity to move laterally onto your network and probably cause a lot more damage.”

    Time-Stamps:
    [01:06] Justin's journey into cybersecurity
    [03:17] The importance of smart contracts and digital wallets
    [05:12] How businesses and individuals can manage privacy and security concerns
    [07:33] The pros and cons of using private browsers
    [09:35] How important is cybersecurity in M&A?
    [11:27] The three-layer approach to cybersecurity in M&A
    [13:43] Liability caps in M&A negotiations
    [15:17] About Justin's book, Data Reimagined, and how to connect with him online

    Connect with Justin:
    LinkedIn: https://www.iansresearch.com/our-faculty/faculty/detail/justin-daniels

    Cyber Insurance Risks And How To Mitigate Them With Trent Cooksley

    Play Episode Listen Later Nov 13, 2023 15:13


    In this episode of CHATTINN CYBER, Marc Schein interviews Trent Cooksley, the co-founder and CEO of Cowbell Cyber, about his journey into cybersecurity and how he founded one of the most successful cyber insurance companies to date. Starting his career as a bond trader on the Chicago Board of Trade, Trent quickly realized that he wasn't cut out for that type of work and decided to learn the ropes of becoming an entrepreneur. After serving Markel Corporation in a variety of roles for a decade and gaining experience in international insurance business, property lines, professional lines, and acquisitions, Trent decided to build his own company, something he had been putting off for some time. He watched what was happening in the insurtech space, found an opportunity in cyber insurance, and ventured in. Trent developed proprietary technology that allowed his newly formed company to evaluate the cybersecurity health and hygiene of every business in the United States, which gave it an opportunity to understand risks at a much more granular level when they come in. Aside from his journey, Trent also talks about the biggest challenge facing the cyber insurance industry: the rapid and continuous evolution of cyber risks, which requires companies to be both proactive and reactive at a rapid pace. He shares that this uncertainty also presents opportunities for those who put themselves in a position to take advantage of them. Cowbell is working towards a long-term solution for its policyholders by continuing to be experts in the space and in how they model and understand the risk. Listen to this episode to learn more.

    Highlights:
    “One of the little things that we do that I think accentuates our culture, we have a really transparent organization. So we like to be transparent. We encourage resiliency, urgency and empowerment.”
    “We're continually evaluating the cybersecurity health and hygiene of every business in the United States, the entire market. And that gives us an opportunity to really understand risks when they come in, at a much more granular and better level.”

    Time-Stamps:
    [01:43] Trent's business milestones
    [03:42] Challenges with the rapid growth of Trent's company
    [06:25] Deep market penetration in the cyber insurance marketplace
    [08:14] Taking a cross-disciplinary approach
    [10:18] Understanding risks at a more granular level
    [12:39] What a day as CEO of Cowbell Cyber looks like, and the process behind it

    Connect with Trent:
    LinkedIn: https://cowbell.insure/team/

    How to Prevent Ransomware Attacks in 2023 with Jason Rebholz

    Play Episode Listen Later Oct 17, 2023 26:03


    2023 is a totally different year from 2022 when it comes to ransomware attacks. Based on the activity on the dark web associated with ransomware actors, the numbers are going up. Last year the Russia-Ukraine war drove the numbers down, but this year there is a 102% increase. In this episode of the Chattinn Cyber podcast, we have the pleasure of hosting Jason Rebholz. He is the Chief Information Security Officer at Corvus Insurance and runs a YouTube channel called Teach Me Cyber. Jason's passion for data security is peerless, and his knowledge of the industry is something we should all want to hear. His career started at Mandiant, where he tried different things and came to learn that his passion was in data security. Jason and Marc Schein have an in-depth conversation on ransomware and data security. Jason brings us up to speed with the current ransomware trends in 2023, the groups that are giving data security experts sleepless nights, the effects of AI on data security, and how organizations can keep their data safe. Would you like to learn more about how to prevent ransomware attacks? Listen to this episode.

    Key Talking Points of the Episode:
    [02:20] How Jason got into security
    [07:31] Jason's advice to people who want to join the cybersecurity industry
    [10:22] Ransomware trends in 2023
    [13:34] Most common ransomware groups
    [16:48] How safe is MFA?
    [20:04] How can organizations beef up their data security?
    [22:01] How is AI impacting data security?

    Standout Quotes from the Episode:
    “Understanding the type of MFA is going to become critically important in the future.”
    “When companies can go in and create this baseline of the security controls, they are going to be more protected against ransomware and other attacks than somebody that does not have that.”

    Connect With Jason Rebholz:
    LinkedIn: https://www.linkedin.com/in/jrebholz/
    YouTube: https://www.youtube.com/@teachmecyber
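Why "the type of MFA" matters, as an added example that is not part of the episode and not code from Corvus or Teach Me Cyber: a one-time code is just a string, so a phishing proxy (adversary-in-the-middle) can relay it to the real site, while a WebAuthn-style assertion carries the origin the browser actually rendered and fails verification when relayed. The origins, seeds and keys are constructed for the demo, and an HMAC stands in for the authenticator's public-key signature.

```python
"""Why the *type* of MFA matters against a phishing proxy (adversary-in-the-middle).

A one-time code is just a string: whatever the victim types on a look-alike
page can be forwarded to the real site. A WebAuthn-style assertion instead
signs the origin the browser actually rendered, so a relayed assertion fails.
Toy model: HMAC stands in for the authenticator's public-key signature.
"""
import hashlib
import hmac
import json
import secrets

# Constructed values for the demo (assumptions, not from the episode).
REAL_ORIGIN = "https://login.example-bank.test"
PHISH_ORIGIN = "https://login.example-bank-secure.test"    # attacker's look-alike
TOTP_SEED = b"seed-shared-between-phone-app-and-server"
AUTHENTICATOR_KEY = b"key-sealed-inside-the-security-key"  # never leaves the device


def totp_code(seed: bytes, time_step: int) -> str:
    """6-digit code derived from a shared secret (stand-in for RFC 6238 TOTP)."""
    digest = hmac.new(seed, time_step.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


def server_verify_totp(submitted: str, time_step: int) -> bool:
    # The server cannot tell who typed the code, or on which web page.
    return hmac.compare_digest(submitted, totp_code(TOTP_SEED, time_step))


def totp_relay_attack(time_step: int) -> bool:
    """Victim reads the code from their phone and types it on the phishing page;
    the proxy forwards it unchanged. True means the attacker's login succeeds."""
    typed_on_phish_page = totp_code(TOTP_SEED, time_step)
    return server_verify_totp(typed_on_phish_page, time_step)


def authenticator_sign(challenge: bytes, origin_seen_by_browser: str) -> dict:
    """The browser, not the web page, writes the page origin into the client
    data, and the authenticator signs that client data (simplified WebAuthn)."""
    client_data = json.dumps(
        {"challenge": challenge.hex(), "origin": origin_seen_by_browser},
        sort_keys=True,
    ).encode()
    signature = hmac.new(AUTHENTICATOR_KEY, client_data, hashlib.sha256).hexdigest()
    return {"client_data": client_data, "signature": signature}


def server_verify_webauthn(assertion: dict, expected_challenge: bytes) -> bool:
    """Relying party checks: signature, then origin, then the challenge it issued."""
    expected_sig = hmac.new(AUTHENTICATOR_KEY, assertion["client_data"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, assertion["signature"]):
        return False
    data = json.loads(assertion["client_data"])
    if data["origin"] != REAL_ORIGIN:         # this is what defeats the proxy
        return False
    return data["challenge"] == expected_challenge.hex()


def webauthn_relay_attack() -> bool:
    """Proxy relays the real server's challenge to the victim on the phishing
    origin; the signed client data therefore carries PHISH_ORIGIN."""
    challenge = secrets.token_bytes(32)
    assertion = authenticator_sign(challenge, PHISH_ORIGIN)
    return server_verify_webauthn(assertion, challenge)


def webauthn_legitimate_login() -> bool:
    challenge = secrets.token_bytes(32)
    assertion = authenticator_sign(challenge, REAL_ORIGIN)
    return server_verify_webauthn(assertion, challenge)


if __name__ == "__main__":
    print("OTP relayed through phishing proxy logs in:", totp_relay_attack(1_700_000))
    print("WebAuthn relayed through phishing proxy logs in:", webauthn_relay_attack())
    print("WebAuthn on the real origin logs in:", webauthn_legitimate_login())
```

Real WebAuthn goes one step further than this model: the credential is bound to a relying-party ID, so the browser on the look-alike domain will not even produce an assertion for the bank's credential. Push-notification and SMS factors sit on the phishable side of this line with TOTP.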

    Cybersecurity Risks And The Rising Demand For Chief Information Security Officers With James Kim

    Play Episode Listen Later Sep 14, 2023 14:13


    In this episode of CHATTINN CYBER, Marc Schein interviews James Kim, the Vice President and Director of Cybersecurity Strategies and Programs at City National Bank in Florida, about the roles and responsibilities of a cybersecurity professional, leveling up into a CISO (Chief Information Security Officer) role, and managing cybersecurity risks in an organization. James begins by discussing his path to his current position, attributing his success to luck, ambition, and grit. He started as a help desk technician at a bank and worked his way up over the years, focusing on risk management and developing business acumen. He realized that there was a gap between the technical aspects of cybersecurity and the business, which led him to focus on improving the relationship between the two areas. He believes that this focus on developing relationships and maintaining partnerships is critical to his role and to cybersecurity more broadly. James's day-to-day responsibilities involve incident reviews, working with governance, risk and compliance teams, reviewing policies and controls, managing projects, and tracking various initiatives. He enjoys the variety of tasks and the opportunity to work across the entire spectrum of cybersecurity, including governance, risk and compliance, security architecture, identity and access management, business continuity, and vendor risk management. James discusses the future of the CISO role and where he sees himself in five years. He believes that the CISO role will continue to expand in prominence, with more emphasis on managing cybersecurity risk for the organization. He concludes the conversation by advising young professionals interested in cybersecurity to learn the many different aspects of the field, including governance, risk and compliance programs, cybersecurity auditing, and security engineering and analysis. He also stresses the importance of work-life balance, given the challenging and stressful nature of the work.

    Highlights:
    “We all have similar responsibilities around maintaining a robust information security or cybersecurity program, ensuring that we have proper processes, procedures in place to report incidents; and at the end of the day, having the appropriate safeguards in place to protect client information or patient information.”
    “If you've been kind of following along with current events, I feel that within the next five years, the CISO role will continue to expand and gain more prevalence with management and the board.”

    Time-Stamps:
    [00:50] How did James get into cybersecurity?
    [02:38] James's day-to-day responsibilities as a security operations manager
    [04:04] Working across the entire spectrum of cybersecurity
    [06:06] Where do you see the CISO role in five years?
    [08:07] How to promote awareness internally and externally within the organization
    [10:13] Advice for young professionals trying to enter cybersecurity
    [12:14] Challenges in the future of cybersecurity

    Connect with James:
    LinkedIn: https://www.linkedin.com/in/james7kim/

    The Rise Of AI And AI Cybersecurity: How To Future-Proof The Technology of Tomorrow With Vickram Kooblall

    Play Episode Listen Later Aug 8, 2023 13:11


    In this episode of CHATTINN CYBER, Marc Schein interviews Vickram Kooblall, CIO and CISO at Scahill Law Group. Vickram is in charge of managing the firm's operations and directing its technology infrastructure. He investigates and analyzes the firm's digital transformation and cybersecurity resilience initiatives. Vickram tells us about his upbringing and what led him to a career in cybersecurity. He notes that the internet was never designed with security in mind, but as it grew, we realized how important it is to manage, secure, and protect data. Vickram also describes how artificial intelligence has become the means of digital transformation for law firms and many other organizations. AI and ML have greatly aided attorneys in many areas, including contract management, document management, due diligence, legal research, and behavioral prediction, allowing them to become better litigators. According to Vickram, law firms deal with sensitive data daily, so data security is critical. He also shares some basic hygiene tips, such as using strong passwords and multi-factor authentication. Law firms treat internal and external threats with equal seriousness. Internal threats are curbed with careful attention to employees, especially during periods like the great resignation, when data leaving with departing staff is the main concern. To ensure data security, many organizations today use zero trust, granting access to a matter only to the people who need it and only while they need it. Encryption is also critical. Towards the close of the episode, Vickram emphasizes the importance of focusing on AI security because of the numerous adversarial attacks specific to AI. Organizations that use data to develop an AI model must also ensure the model's security. Listen to the conversation for more details!

    Highlights:
    “Well, certainly in terms of zero trust is becoming, you know, one of those big, you know, big things that we're seeing organizations do more and more, we are certainly seeing user rights and access management, being something that is looked at very closely and monitored, you know, who should have access to what and when. Also, I think the timing is very important when you're working on a large case or a particular matter. Those individuals that don't need access should not have access to those specific cases during that time. And, you know, it's going to come back to encryption.”
    “You know, in terms of some basic hygiene, one of the biggest things it comes back to is also employee training. That has been one of my focuses, you know, in the last two years ensuring that the employees themselves are very well versed and understand threats that come their way. You know, in terms of strong passwords, that's been some of the basic hygiene that every organization should implement, and more so many law firms. I have seen at least, maybe once or twice during a week of some law firm email being compromised due to exactly that not having a strong password, we have multi-factor authentication, which is certainly a must-have for any organization, especially, you know, law firms in this space.”
    “I think AI has become the digital transformation that we've been looking for. Look, law firms are very slow in adopting new technology and trying to, you know, get a, you know, trying to, it's always been such a labor-intensive type of practice.”

    Time-Stamps:
    [00:29] How Vickram became executive director of the most prestigious law firm in the Northeast
    [03:38] Why is artificial intelligence important for law firms?
    [05:38] The best practices in law firms to secure data
    [07:12] Is Vickram more concerned about internal threats or external threats?
    [08:49] How to mitigate some of the internal threats inside an organization
    [10:15] Why is AI security important?

    Connect with Vickram:
    LinkedIn: https://www.linkedin.com/in/vickramk/
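The "who should have access to what and when" point above, as an added example that is not part of the episode and not Scahill Law Group's access model: a deny-by-default check that grants access to a matter only to people with an active, dated assignment, with an offboarding routine that closes every assignment the day someone leaves. Users, matter IDs, roles and dates are constructed.

```python
"""Deny-by-default, time-bounded access to legal matters ("who should have
access to what and when"). Access is granted only while a person's assignment
to that matter is active, and offboarding ends every assignment at once.
Constructed users, matters and dates; not a law firm's actual access model.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timezone
from typing import List, Optional, Tuple


def at(iso_date: str) -> datetime:
    """Helper: 'YYYY-MM-DD' -> aware UTC datetime at midnight."""
    return datetime.fromisoformat(iso_date).replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class Assignment:
    user: str
    matter: str
    role: str                 # "attorney", "paralegal" or "reviewer"
    starts: datetime
    ends: Optional[datetime]  # None = open-ended


# Constructed assignment table (stand-in for a matter-management export).
ASSIGNMENTS: List[Assignment] = [
    Assignment("alice", "M-2023-017", "attorney",  at("2023-05-01"), at("2023-09-01")),
    Assignment("bob",   "M-2023-017", "reviewer",  at("2023-06-01"), at("2023-07-01")),
    Assignment("carol", "M-2023-042", "paralegal", at("2023-01-15"), None),
]

READ_ROLES = {"attorney", "paralegal", "reviewer"}
WRITE_ROLES = {"attorney", "paralegal"}


def is_allowed(user: str, matter: str, action: str, now: datetime,
               assignments: List[Assignment] = ASSIGNMENTS) -> Tuple[bool, str]:
    """Return (decision, reason). Nothing is allowed without an active assignment."""
    if action not in ("read", "write"):
        return False, f"unknown action {action!r}"
    active = [a for a in assignments
              if a.user == user and a.matter == matter
              and a.starts <= now and (a.ends is None or now < a.ends)]
    if not active:
        return False, "no active assignment to this matter (deny by default)"
    needed = WRITE_ROLES if action == "write" else READ_ROLES
    if any(a.role in needed for a in active):
        return True, f"active {active[0].role} assignment permits {action}"
    return False, f"role {active[0].role!r} may not {action} this matter"


def offboard(user: str, when: datetime,
             assignments: List[Assignment] = ASSIGNMENTS) -> List[Assignment]:
    """Departing employee: close every open or future assignment at `when`,
    so access ends with the job instead of lingering afterwards."""
    out = []
    for a in assignments:
        if a.user == user and (a.ends is None or a.ends > when):
            a = replace(a, ends=max(when, a.starts))   # empty window if never started
        out.append(a)
    return out


if __name__ == "__main__":
    for who, matter, action, day in [("alice", "M-2023-017", "write", "2023-06-15"),
                                     ("alice", "M-2023-017", "read",  "2023-09-01"),
                                     ("bob",   "M-2023-017", "write", "2023-06-15"),
                                     ("carol", "M-2023-017", "read",  "2023-06-15")]:
        print(who, matter, action, day, "->", is_allowed(who, matter, action, at(day)))
```

The reason string is meant for the audit log: a denied access with "no active assignment" on a matter the person used to work on is exactly the signal a departing-employee review wants to see.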

    Investing in Internal Infrastructure To Mitigate Cyber Risks with Nadav Aharon-Nov

    Play Episode Listen Later Jul 12, 2023 12:54


    In this episode of CHATTINN CYBER, Marc Schein interviews Nadav Aharon-Nov, VP of Cybersecurity at R-MOR, Israel. He is experienced in organizational and regulatory compliance, information security management, auditing and governance, among many other areas of cyber risk management. During the conversation, Nadav shares how he got into cybersecurity, what it is like to lead a cybersecurity firm in Israel, the differences and similarities between the threats observed in Israel and America, the importance of investing in internal systems for any company, and how to mitigate cyber risks by thinking from the point of view of the attacker. Nadav explains that because of the constant cyber-attacks faced by Israel, the country has learned to be creative on the cybersecurity front, always thinking outside the box to figure out ways to keep civilian life safe. The majority of the threats faced by companies in Israel are ransomware attacks. Cybersecurity firms like his continually level up their efforts to study the attacking groups' moves and intelligence and try to get at them from the inside without their knowing. He also talks about the importance of assessing a business's infrastructure from the outside, from the viewpoint of the attackers. While internal assessments are fairly common, external assessments could give a firm a competitive edge. Another critical point concerns automation: attacking groups tend to use more manpower and less automation to analyze issues and make decisions quickly. The present times have highlighted the importance of cybersecurity more than ever: working from home with nothing more than a VPN connection as security, the protection that the office network used to provide is gone. Nadav explains that his company has two distinct departments, web analytics and cybersecurity, which together form a strategic platform that collects information from all three layers of the web to understand the hacker's perspective, find security gaps in existing technologies and products, and assess a company's internal infrastructure thoroughly. A company must invest in its internal systems more than anything else, especially in today's times. Tune in to the episode now!

    Highlights:
    “There's a big blind spot when it comes to businesses, seeing their infrastructure from the outside in. So they're usually looking from the inside out, doing internal assessments, (...) they're forgetting about the other point of view. And that is the external point of view – how a criminal or a hacker or someone with malicious intent looks from the outside-in.”
    “The problem is you have nothing to secure yourself at home other than a VPN connection. And most of the infrastructure at your house is either a simple modem, no firewalls, no true security on your endpoints, and everything is very exposed. So the comfort that you had in your infrastructure back at the office is literally smashed and you have nothing to get home.”
    “(Every company) needs to invest in internal systems, because the criminal could be either from the outside (or) from the inside. Everyone could have criminal intentions when it comes to manipulating data, stealing data.”

    Time-Stamps:
    [02:19] The threats faced by Israel vs. America in cybersecurity
    [03:23] How Nadav got into cybersecurity
    [05:24] How COVID has caused a rise in the need for cybersecurity
    [10:19] Where should a company invest more to mitigate cyber risks (other than cybersecurity teams)?

    Connect with Nadav:
    LinkedIn: https://www.linkedin.com/in/nadav-aharon-nov-62a8b5a/?originalSubdomain=il

    Layered Security And Protection Against Ransomware Attacks With Greg Edwards

    Play Episode Listen Later Jun 12, 2023 10:15


    In this episode of CHATTINN CYBER, Marc Schein interviews Greg Edwards, the Founder of Canauri, a well-known cybersecurity firm, to discuss the growing threat of ransomware attacks and how businesses can safeguard against them. Greg has been involved in the backup and disaster recovery industry since 2007. In 2012, as ransomware attacks rose, he observed that many of his off-site backup clients were affected and needed full recovery. Recognizing that this could escalate into a greater issue, he founded Canauri and decided to address the threat using deception technology. According to Greg, the rise of ransomware coincides with the increased use of cryptocurrency. He believes that cybercrime in general gained momentum in 2012, when Bitcoin became mainstream. He emphasizes the significance of layered security and recommends that businesses configure and manage all layers of defense effectively. During the discussion, Greg also talks about how MSPs (Managed Service Providers) can fall prey to ransomware, and the devastating impact that can have on their clients. Greg recounts an incident where an MSP's RMM (Remote Monitoring and Management) platform was hit by ransomware, causing 80 of its clients to be affected simultaneously. With the shift towards remote work, Greg says that businesses must secure all endpoints, including laptops, desktops, and mobile devices, and ensure that the networks they use are secure. He also stresses patching systems as the most crucial action people can take to defend themselves against ransomware. In conclusion, Greg shares valuable insights into the increasing prevalence of ransomware, the importance of layered security, and the measures businesses can take to protect themselves from ransomware attacks.

    Highlights:
    “If you look back again to 2012, the rise of ransomware coincides with the use of cryptocurrency. So not (that) I'm a fan of cryptocurrency, personally, but the rise of ransomware and cybercrime in general, all started to take off around that 2012 mark. And that's when that's when Bitcoin became really big and started to become mainstream.”
    “In the pandemic, everyone said, go home, go work from home, here's your laptop, or even people were carrying desktops in their monitors out of the office to go work from home, and then connecting remotely in any fashion that they could. And so that inherently just opens up lots of additional vulnerabilities and attack surfaces for the attackers. So what has to be done is all of those endpoints, laptops, desktops, even mobile devices, need to be properly locked down, and then also need to make sure that the networks that they're on got to have the proper security now, across all of those remote workers, and manage them, just like you would if it were in an old corporate network environment.”

    Time-Stamps:
    [00:50] Greg's experience starting an off-site backup company in 2007
    [02:37] The rise of ransomware coincided with the rise of cryptocurrency
    [03:56] A layman's understanding of layered security
    [06:01] Ransomware attack on a remote monitoring and management platform
    [07:16] Advice on how to better protect yourself
    [08:41] What to do to protect yourself from ransomware

    Connect with Greg:
    LinkedIn: https://www.linkedin.com/in/gedwardswpd/
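The deception idea Greg describes, in its simplest form, as an added example that is not part of the episode and not Canauri's product code: plant decoy ("canary") files that no user has a reason to touch, record their hashes, and alarm when one is modified, renamed or deleted, which is what bulk encryption does to every file it reaches. The file names, the directory and the toy "ransomware" routine are constructed for the demo.

```python
"""Decoy ("canary") files as a ransomware tripwire: plant files nobody has a
reason to touch, record their hashes, and alarm when one is modified, renamed
or deleted. Names, paths and the toy "ransomware" are constructed for the demo.
"""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Names chosen to sort first and look valuable, so bulk encryption hits them early.
CANARY_NAMES = ["!00_backup_invoices.xlsx", "!01_passwords_old.docx", "!02_archive_2019.pdf"]


def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def plant_canaries(root: Path, names=CANARY_NAMES) -> Dict[str, str]:
    """Write decoys with random content and return a manifest {name: sha256}."""
    manifest = {}
    for name in names:
        path = root / name
        path.write_bytes(os.urandom(4096))
        manifest[name] = _sha256(path)
    return manifest


def check_canaries(root: Path, manifest: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (name, reason) for every canary that no longer matches the manifest."""
    alerts = []
    for name, expected in manifest.items():
        path = root / name
        if not path.exists():
            alerts.append((name, "missing: deleted or renamed (e.g. a .locked suffix)"))
        elif _sha256(path) != expected:
            alerts.append((name, "content changed: possible encryption in progress"))
    return alerts


def simulate_ransomware(root: Path) -> None:
    """Constructed attacker behaviour: XOR every file, then rename it with .locked."""
    for path in list(root.iterdir()):
        scrambled = bytes(b ^ 0x5A for b in path.read_bytes())
        path.write_bytes(scrambled)
        path.rename(path.with_name(path.name + ".locked"))


def demo() -> Tuple[list, list]:
    """Plant canaries next to a real document, check, run the toy attack, check again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "real_report.docx").write_bytes(b"quarterly numbers")
        manifest = plant_canaries(root)
        before = check_canaries(root, manifest)   # no alerts expected
        simulate_ransomware(root)
        after = check_canaries(root, manifest)    # every canary should alert
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("alerts before attack:", before)
    for name, reason in after:
        print(f"ALERT {name}: {reason}")
```

A polling hash check is the minimum; a deployed version would subscribe to filesystem change notifications so the first touched canary fires within milliseconds, and the response would be to isolate the host and kill the writing process, since by the time a scheduled check runs the real documents next to the canaries are already gone. The canaries detect; they do not replace the patching and layered controls Greg puts first.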

    The Challenges To Cybersecurity In Critical Control Systems With Joe Weiss

    Play Episode Listen Later May 15, 2023 16:25


    In this episode of CHATTINN CYBER, Marc Schein interviews Joe Weiss, Managing Partner at Applied Control Solutions LLC, Managing Director of ISA99, ICS cybersecurity pioneer and keynote speaker. The discussion revolves around cybersecurity challenges in control systems, with a focus on those in critical infrastructure like nuclear plants. Joe was formerly a control system engineer who worked on instrumentation and controls, primarily control and safety systems in nuclear plants. Joe notes several challenges in implementing effective cybersecurity measures in control systems. The first, he shares, is the cultural gap between engineers and IT personnel. These two groups have different mindsets and concerns, which makes it hard for them to work together. For example, IT personnel might need to upgrade a computer or perform maintenance, but engineers might resist because taking a workstation down could cause the entire plant to shut down. Joe says that doughnut diplomacy, getting engineers and IT personnel together to work out their differences over doughnuts and coffee, has not worked in bridging this cultural gap. Another challenge is the technical gap in control systems. Many control systems are older systems that have been upgraded from a very insecure base. Legacy devices lack basic security features like passwords, authentication, and encryption, which makes them highly vulnerable to cyberattacks. He gives the example of brand-new digital sensors installed at a petrochemical plant in Abu Dhabi whose vendor spec sheets listed no passwords at all, so there was no way to send calibration data to the cloud securely. Joe adds that control systems are very different from traditional IT systems, and security measures that work in one domain might not work in the other. While data is the main focus in traditional IT systems, physics is the primary concern in control systems. Control systems are designed to manipulate physical processes, and the closer they get to the edge, the more efficient the processes become. This makes it difficult to implement traditional security measures like zero trust, which assumes that nothing can be trusted until proven otherwise; a sensor or controller acting in milliseconds has no way to verify anything and therefore operates on complete trust. Joe concludes the conversation by suggesting that insurance companies and credit rating agencies can play a significant role in driving improved cybersecurity in control systems. These organizations are highly risk-averse and can convince boards to take cybersecurity more seriously. He believes that control system cybersecurity is not going to be solved by the government and requires a concerted effort from all stakeholders involved.

    Highlights:
    “The general rule is that these big control systems are 1980s, 1990s technology that have been in a funny sense upgraded. But they've been starting with a very, very insecure base.”
    “To a sensor controller in real time, this thing is happening in milliseconds, it's 100% trust. What's worse, these devices have built-in backdoors, directly to the internet. So everything you're trying to say not to do on the network side is exactly what's in this most critical of all of our critical devices.”

    Time-Stamps:
    [01:53] Joe's journey into cybersecurity
    [04:10] Everything is about data and data processing
    [05:52] The engineers and the network people don't get along
    [09:04] Calibrating the sensors
    [10:39] Zero trust is 100% trust

    Connect with Joe:
    LinkedIn: https://www.linkedin.com/in/joew1/
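When the device itself has no passwords, authentication or encryption, the practical control is a protocol-aware filter in front of it. The following is an added example, not part of the episode and not code from ISA99 or Applied Control Solutions: a gateway policy for Modbus/TCP, a common industrial protocol with no authentication of its own, that lets any host read but permits write function codes only from an allow-listed engineering workstation and drops anything else. The host addresses and the sample frames are constructed; the MBAP header and function-code layout follow the public Modbus/TCP specification.

```python
"""Protocol-aware write filter for a device that has no authentication of its
own: a gateway in front of a Modbus/TCP controller lets any host read but only
an allow-listed engineering workstation write. A compensating control, not a
fix for the device. Addresses and frames are constructed for the demo.
"""
import struct
from typing import Dict, Tuple

MBAP = struct.Struct(">HHHB")   # transaction id, protocol id (0 = Modbus), length, unit id
READ_FUNCS = {0x01, 0x02, 0x03, 0x04}    # read coils / discrete inputs / registers
WRITE_FUNCS = {0x05, 0x06, 0x0F, 0x10}   # write single/multiple coils or registers
ENGINEERING_HOSTS = {"10.10.5.20"}       # constructed allow-list of hosts that may write


def parse_modbus_tcp(frame: bytes) -> Dict:
    """Decode the MBAP header and the fields of the common function codes."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short")
    tid, proto, length, unit = MBAP.unpack_from(frame, 0)
    if proto != 0:
        raise ValueError("protocol id is not Modbus")
    if length != len(frame) - 6:          # length counts unit id + function + data
        raise ValueError("length field does not match frame size")
    func, data = frame[7], frame[8:]
    info = {"tid": tid, "unit": unit, "func": func}
    if func in (0x05, 0x06) and len(data) >= 4:        # single coil / register
        info["address"], info["value"] = struct.unpack(">HH", data[:4])
    elif func in (0x0F, 0x10) and len(data) >= 5:      # multiple coils / registers
        info["address"], info["quantity"], _ = struct.unpack(">HHB", data[:5])
    elif func in READ_FUNCS and len(data) >= 4:
        info["address"], info["quantity"] = struct.unpack(">HH", data[:4])
    return info


def decide(src_ip: str, frame: bytes) -> Tuple[str, Dict]:
    """Gateway policy: reads from anyone, writes only from engineering hosts,
    everything else (diagnostics, vendor codes, malformed frames) dropped."""
    try:
        info = parse_modbus_tcp(frame)
    except ValueError as exc:
        return "DROP", {"reason": str(exc)}
    func = info["func"]
    if func in READ_FUNCS:
        return "ALLOW", info
    if func in WRITE_FUNCS:
        if src_ip in ENGINEERING_HOSTS:
            return "ALLOW", info
        return "DROP", {**info, "reason": f"write 0x{func:02X} from non-engineering host {src_ip}"}
    return "DROP", {**info, "reason": f"function 0x{func:02X} not on allow-list"}


def build_frame(tid: int, unit: int, func: int, payload: bytes) -> bytes:
    """Assemble a Modbus/TCP request (used here to construct the sample traffic)."""
    return MBAP.pack(tid, 0, len(payload) + 2, unit) + bytes([func]) + payload


if __name__ == "__main__":
    read_regs = build_frame(1, 1, 0x03, struct.pack(">HH", 0, 10))       # read 10 holding registers
    set_point = build_frame(2, 1, 0x06, struct.pack(">HH", 100, 2500))   # write register 100 := 2500
    for src in ("192.168.1.50", "10.10.5.20"):
        print(src, "read  ->", decide(src, read_regs)[0])
        print(src, "write ->", decide(src, set_point))
```

Two caveats a practitioner would add: the source address is only as trustworthy as the network that delivers it, so this filter belongs behind segmentation rather than instead of it, and it protects the device from the network side only; the vendor's own direct-to-internet path that Joe describes has to be found and closed separately.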

    AI, Propaganda, and Lessons On Advanced Cybersecurity with Paul Christopher

    Play Episode Listen Later Apr 26, 2023 19:31


    In this episode of CHATTINN CYBER, Marc Schein interviews Paul Christopher, Senior Social Scientist at the RAND Corporation, where he serves as the principal investigator for various defense and security related research projects. In today's conversation, Paul talks mainly about AI and the need to introduce and enhance AI cybersecurity and to advance information technology protection over time. Paul begins the conversation by discussing cognitive security, the concept of protecting the safety of ideas and thought processes. From a national perspective, it is about protecting citizens from foreign interference in their right to think and participate in national politics. It is an old concept, rooted in the idea of war as a contest of wills and as politics by other means. Further into the conversation, he discusses AI and how it is affecting propaganda by allowing automated amplification through the use of bots. As AI becomes more sophisticated, there is a greater danger of it being used for propagandistic purposes. One example is a GAN, a generative adversarial network, in which one model generates messages and a second model detects and rejects them; used unethically, the second model could be removed and the generated messages directed at real people. Countries are spending more money on propaganda, but it is still cheaper than traditional military capabilities. The effectiveness of propaganda is difficult to measure, but an integrated physical and informational campaign, as seen in the 2014 Russian annexation of Crimea, is highly effective. Paul and Marc also discuss deep fakes and shallow fakes, methods of creating fake videos using AI technology, and how both types of fakes can be effective in deceiving people. They also discuss counter propaganda, countering the effects of propaganda by providing counter messaging or a counter narrative. Towards the close of the conversation, Paul highlights the human vulnerability to misinformation and disinformation and how important it is for everyone to remember that we are challenged cognitively. Humans often think fast and use heuristics, which makes them more susceptible to being tricked, manipulated, or deceived. He also mentions the cognitive bias called blind spot bias, where people are willing to see vulnerabilities in others but not in themselves. He advises people to be aware of these vulnerabilities, not to believe everything they see, to find ways to improve their media literacy, and to use tools that screen disinformation or at least pop up warnings when a source is not credible.

    Highlights:
    “If you're countering propaganda, either you're counter messaging or doing a counter narrative, where you're trying to claim the opposite of whatever the propaganda is, or overwhelm it with the truth or counteract it. Which unfortunately, the research in social psychology suggests isn't very effective, because the first mover advantage is hugely important.”
    “There are things that the government can do to pass laws and regulations to make foreign propaganda, either require labels or to be illegal so that you can then indict foreign propagandists and affect them.”
    “There's this thing called Blind Spot bias, where we're willing to see these vulnerabilities in others but we imagine that we ourselves are special or magical or invulnerable.”

    Time-Stamps:
    [00:14] How Paul ended up becoming a senior social scientist at the RAND Corporation
    [01:35] What is cognitive security?
    [04:15] Are countries spending money on propaganda campaigns?
    [06:26] Distinguishing deep fakes and shallow fakes
    [12:21] Understanding counter propaganda and the ways to curb it
    [17:24] Final thoughts

    Connect with Paul:
    Website: https://www.rand.org/about/people/p/paul_christopher.html
    https://2018.cybersecforum.eu/en/speakers/christopher-paul/

    Underwriting and The Future Of Cybersecurity With Marcin Weryk

    Play Episode Listen Later Apr 11, 2023 18:39


    In this episode of CHATTINN CYBER, Marc Schein interviews Marcin Weryk, Head of Business Development at Coalition Inc. The two get into underwriting, cyber risks, and the future of cybersecurity, among other discussions on business and the changing world. Marcin begins by providing background on his upbringing, sharing that he was born in Poland and raised in Brooklyn. He also describes his journey to becoming a renowned cyber underwriter after graduating from St. John's University with a major in finance and later participating in a training program at CNA to gain knowledge of the insurance industry. The training program ultimately led to his placement on CNA's cyber tech NPL team and his entry into the field of cyber insurance. Marcin stresses the importance of having a strong underwriter on the team who is knowledgeable in both analytics and marketing. The key for underwriters is to be not only creative and thorough but also reliable and trustworthy. It is also critical to learn to interpret and analyze cybersecurity data. Further in the conversation, Marcin introduces Coalition as the most innovative insurance company, citing its careful and correct analysis of data and the risk selection and prevention mindset of its employees. At its core, Coalition is a technology company that uses data more effectively than other insurance companies. Marcin also shares two concerns businesses will face in the coming years. One is the need to improve the quality of data collection and utilization to reduce cyber risks. The second concerns the data currently being used to underwrite better from a loss perspective, which leads to many issues. Business controls are essential in underwriting and risk mitigation. He wraps up the conversation by highlighting the future of cyber issues, focusing on two of the most pressing: systemic failure exposure and privacy concerns. Listen to the conversation for more details!

Highlights:
“I think what's different about Coalition is the ability to understand that learning from data is important. And learning from data is even more important in the ever-changing space of cybersecurity. I think we at Coalition differentiate in that we are continuously making sure we look at risk selection and risk prevention. From a forward-looking perspective, not a backward-looking perspective.”
“And I think that's the big differentiation is, most people are stuck looking backward, Coalition is good at looking forward. And I think that is what drives our value. The other part that's been imperative to the growth and success of Coalition and others in this space that is leaning on data better, is the concept of continuous monitoring.”
“One is the systemic failure exposure that we're all dealing with. I personally think that the marketplace will evolve into a space where there will be standard coverage, and yet also separate catastrophe cyber coverage. I don't think that that's that far in the future. Just for clarity purposes, I think many people will be interested in that type of cover. The other one that some people have started to speak about, but I don't think it's getting as much attention as it should, is privacy as a peril.”

Time-Stamps:
[01:08] – How did Marcin become a cyber underwriter and how did he get involved in cyber?
[02:53] – Important roles of an underwriter
[04:43] – What is so unique about Coalition and how is it the most creative insurance company?
[07:42] – What made Marcin move to technology from phenomenal insurance carriers?
[10:33] – Challenges and cyber risks businesses are going to face in the next two years that concern underwriters
[13:52] – How important are controls for a business?
[16:10] – Some of the future issues we may be facing

Connect with Marcin:
LinkedIn: https://www.linkedin.com/in/marcin-weryk-828a1a6/

    Economic Sanctions, Cyber Law Enforcement, And Private-Government Collaboration For Cyber Protection With Emil Bove

    Mar 13, 2023 (32:39)


    In this episode of CHATTINN CYBER, Marc Schein interviews Emil Bove, Trial and Investigations Lawyer at Chiesa Shahinian Giantomasi (CSG). Emil has extensive experience working in both the public and private sectors, having started his career as an assistant United States attorney specializing in cyber risk. Today, he speaks about the new sanctions announced against Russia following the invasion of Ukraine, why Russia might push its financial transactions and assets into the crypto space, related cyber enforcement trends, and the recent collaboration between the private sector and government for speedy cyber law enforcement and protection. In the aftermath of the Russian invasion of Ukraine, the US Treasury Department announced a large number of sanctions against Russia. One result is that banks, both US and international financial institutions, are trying to comply with the sanctions by identifying their exposure to the sanctioned parties and sanctioned relationships and figuring out how to address that exposure, whether by blocking assets in some instances or ending client relationships in others. Secondly, we anticipate that sanctioned parties will use known mechanisms to evade sanctions and access the international financial system, and even the US financial system directly, through correspondent accounts. Sanctioned parties will need to innovate, and Russian parties are expected to push financial transactions and assets into crypto. Emil also discusses trends in cyber enforcement. With Russia likely to venture into the crypto space, care needs to be taken when enforcing sanctions, as not everybody is a Russian actor. Clients have to be sensitive to sanctions compliance. Recently, OFAC has been sanctioning crypto service providers, some of which are based in Russia, that are non-compliant with US expectations for transparency and for staying away from ransomware. On both the regulatory and criminal sides, the government will be looking to make public examples of non-compliant actors who are not seeking to implement the sanctions intended to choke off Russia's access to the financial system. Emil also talks about the private sector's collaboration with the government in connection with these sanctions. He predicts that the partnership will be significant because the technological expertise of the private sector can help speed up the government's work. The technologies used so far have repeatedly shown themselves to be reliable and trustworthy and have generated accurate results. For more, tune in to today's episode!

Highlights:
“There's a cyber component to the banks trying to comply with the sanctions to both US financial institutions and really international institutions, taking a look at what OFAC is doing. And identifying their exposure to these now sanctioned parties and sanction relationships, and figuring out how to address that exposure, whether that's blocking assets in some instances, or ending client relationships in others.”
“There are a few understood mechanisms for any sanction party to engage in sanctions evasion, to access the international financial system, and sometimes even the US financial system directly through correspondent accounts. Sanction parties are going to need to take some new steps to do some innovation. And I think that one way that we're going to see that is Russia as a sovereign, and also just sanctioned Russian parties over there are going to push financial transactions and assets into the crypto space.”
“There's then now a public opinion that sort of authorizes and endorses law enforcement collaboration with the private sector and use private sector tools in a sophisticated and developing space where government technology, especially in the law enforcement side, may not be quite as up to speed as where the more well resourced private sector parties are endorsing that and I think you'll see that going...

    The Russian-Ukrainian War Is A Lesson On Information Security and Leverage With Greg Radabaugh

    Feb 21, 2023 (30:13)


    In this episode of CHATTINN CYBER, Marc Schein interviews Gregory Radabaugh about his wide range of experience in the military and information security, what the Russian-Ukrainian war reveals about information security, and the essential practices that civilians and security forces alike must adopt to strengthen cybersecurity. A retired Air Force veteran of 30 years, Greg brings a wealth of experience that goes well beyond overseas reconnaissance missions. He has served as a DOD civilian, a Defense Intelligence Agency analyst, senior Information Operations planner for the Air Force ISR (Intelligence, Surveillance, Reconnaissance) Agency, Director of the Joint Information Operations Warfare Center, and in many other sensitive defense and intelligence roles. After finally retiring from the Department of Defense after 44 years, Greg founded his own consulting company, Greg Bear Consulting. With the ongoing Russian-Ukrainian war keeping world tensions high, Greg suggests reading Unrestricted Warfare, by Colonel Qiao Liang and Colonel Wang Xiangsui, to learn in depth about permanent warfare and the absence of any distinction between civilian and military targets in the Ukraine-Russia war. Drawing on the war updates, Greg observes that while Russia seems to be focusing on justifying its actions to its internal audience, making them see that all is being done to protect them, Ukraine is focusing on the external audience, primarily the West, trying to gain support from the US, NATO, and others providing material, financial, and medical support. He also discusses how both countries are gathering and making use of commercially available data for warfare, from tracking locations to cellphone ranges and a whole lot more. Everything happening in the war is striking from an information perspective. The civilian sector, he adds, must prepare for war at this point, as it could be used to incite or escalate conflict. There could be denial-of-service attacks, deception, and other planned operations intended to impact the military by attacking the people around its personnel. Families of military personnel are especially targeted by these attacks, and this is a side most people aren't prepared for. In conclusion, Greg shares that the civilian private sector needs to start thinking about security the same way the military does, that is, in terms of operational security. Allowing mobile phones and cameras into sensitive meeting places and overlooking secondary and tertiary access points are a couple of the many things that go unnoticed. For more about it, tune in to this episode with Greg!

Highlights:
“The Western concepts of the law of armed conflict relying on Westphalian concepts of chivalry, interior, and territorial integrity, and what constitutes an armed attack don't apply to our adversaries and potential adversaries in the information environment.”
“Think about how to provide operational security to your business. And then think about how do you shut down our second and tertiary information leakages and then decide, how do I mitigate this threat by doing things, for example, having an offline backup of my network, or having a secondary network that's offline that can go online immediately, if your primary one goes down?”
“A greater awareness of these operations in the information environment is crucial to private sector success of industrial control systems, security is going to be absolutely critical to maintaining our first world environment that we live in and enjoy today.”

Time-Stamps:
[00:40] - Greg's early life and founding Greg Bear Consulting
[05:29] - Where to connect with Greg
[06:26] - What's happening with the Russian-Ukrainian war?
[15:19] - Should the civilian sector prepare for a conflict at this point?
[20:42] - What can you do to protect yourself from cyber attacks?

Connect with Greg:
Website: https://www.af.

    Understanding Ransomware Double, Triple, and Quadruple Extortion With Brad LaPorte

    Feb 3, 2023 (14:15)


    In this episode of CHATTINN CYBER, Marc Schein interviews Brad LaPorte, former top-rated Gartner analyst for cybersecurity, US Cyber Intelligence veteran, and product leader at Dell, IBM, and several startups. He is currently an Advisor at Lionfish Tech Advisors and a Partner at High Tide Advisors, and is also a Board Advisor at four early-stage startups: NetRise, rThreat, RunSafe Security, and TBD. He is the author of the recently released cybersecurity book, The Rise Of Cybercrime. Today, he discusses the reasons for the increasing number of ransomware attacks worldwide and the measures to avoid or mitigate the associated risks. Explaining the rise in ransomware attacks, Brad shares that these days, all that is required to extort money from organizations is access to a keyboard on the internet; the barrier to entry has been lowered. Additionally, over 98% of ransomware payments are made in Bitcoin, which is difficult to track. Since November 2019, double, triple, and quadruple extortion tactics have also come into use, adding to the problem. These tactics can be explained as follows. Double extortion is the exfiltration of sensitive data, so companies are pressured to pay the attackers even though they hold the encryption key or have backups. Triple extortion is when attackers disrupt the critical operations of organizations in sectors such as manufacturing, healthcare, or education; the criticality of the disruption makes organizations highly likely to pay. Quadruple extortion is when attackers also directly target your customers or key stakeholders. Also called supply chain attacks, these act as a force multiplier and cause an exponential increase in the damage. Answering the question of whether or not to pay when ransomware attackers demand it, Brad explains that one must try one's best not to, unless there is no other choice. He also touches on the best cybersecurity practices for mitigating the risks of an attack, like the 12 key controls given by Marc around cyber resilience. He adds that even though the actual amount paid to ransomware attackers is coming down over time, the number of threat actors is increasing as their barriers to entry fall. One of the most overlooked causes of cyberattacks is that over half of the organizations worldwide don't know what assets they have in their environment or which third-party vendors and other organizations are associated with them, and over 75% manage everything through an Excel spreadsheet as their asset inventory database. Care must be taken to ensure organizations are well aware of their assets, as these could be one of the easiest avenues for attacks. For more, tune in to today's episode!

Highlights:
“In trying to extort money from organizations, ultimately, all you need is access to a keyboard on the internet. So if you look at some of them (attackers), the people that can actually wreak havoc on organizations are quite vast.”
“Even though the actual numbers of payments are going down and declining... The amount of groups are increasing because of that low barrier of entry and actually increasing it over time.”
“Over half of (the) organizations don't know what assets they have in their environment, and over 75% actually manage everything out of an Excel spreadsheet as their asset inventory database.”

Time-Stamps:
[02:33] - Why are ransomware attacks increasing?
[07:15] - Should you or should you not pay when ransomware attacks require you to?
[09:45] - The biggest things around cybersecurity being ignored right now
[12:49] - Get in touch with Cory

Connect with Brad:
LinkedIn: https://www.linkedin.com/in/brad-laporte/

    Navigating Cybersecurity Risks in Modern Communication Platforms With Max Buchan

    Jan 23, 2023 (16:03)


    In this episode of CHATTINN CYBER, Marc Schein interviews Max Buchan, founder and CEO of Worldr. The conversation gets into cybersecurity for communication platforms, hybrid and in-person communication channels, and the factors that might change the way we communicate in the future. Max tells us how he got into cybersecurity while growing up in a small town in the United Kingdom (Canterbury), and how he went on to change communication encryption around the world. He also worked as one of Coinshare's first employees, which taught him about data jurisdiction issues and encryption keys. Max has spent the last three years building his own company, Worldr, which offers security for communication platforms. Now, this might make you wonder: why is there a need for a company like Worldr to provide additional security when most popular communication platforms have built-in encryption and security? Max explains that his company's products are not for every user on the internet, but rather for those who do not want to change their communication platform and want to communicate in a more scalable and secure environment with no third-party interference. Worldr works with large corporations with a significant workforce that want all of their data to be secure. Max also shares his thoughts on the best way to communicate in the future, saying that he believes it will be a hybrid style, because some people prefer in-person communication while others prefer online communication for time efficiency. Max also addresses the current challenges that the CISO community is facing, as well as how they approached this application. He states that the CISO community is currently very small and needs to scale, and that people and governments all over the world are taking small but progressive steps in this space. He later mentions the concept of zero trust and how it influences product development. The conversation winds up with Max discussing the ever-changing and shifting cybersecurity space. Listen to the conversation for more details!

Highlights:
“We're not building these products for every single user on these platforms. I mean, these are great products, I believe, you know, for instance, Microsoft Teams, I think is approaching 300 million users, which is an incredible number. I mean, we don't build these solutions for the broad base, we build them for specific industry verticals that have needs that go a little bit beyond a one-size-fits for certain products.”
“I want to caveat this by saying there are no zero-trust products, right? Because I feel like, you know, you go to one of these conferences, I was lucky enough to speak at InfoSec Europe, a month or whenever it was ago. And I mean, just everyone's got zero trust everywhere. And you know, it's an important concept. But it's not a product. And again, it all comes down to essentially, least privileged access and building in controls and governance every step of the way, right into your entire policy outlook.”

Time-Stamps:
[00:42] – How did Max, while growing up in the UK, revolutionize communication encryption in not only the US but abroad?
[02:07] – Why is there an additional need for security in various communication platforms when they are already highly encrypted?
[05:29] – The communication styles of the future
[09:12] – Challenges CISOs are facing today
[12:10] – What is zero trust?
[13:34] – How the cybersecurity space is ever-changing and shifting
[15:11] – How to reach out to Max Buchan

Connect with Max Buchan:
LinkedIn: https://www.linkedin.com/in/maxbuchan/?originalSubdomain=uk
Website: https://worldr.com/

    How The Russia-Ukraine War Is Bolstering Ransomware Gang Attacks With Sherri Davidoff and Michael Kleinman

    Jan 9, 2023 (29:26)


    In this episode of CHATTINN CYBER, Marc Schein interviews Sherri Davidoff and Michael Kleinman about the rising ransomware attacks in cyberspace and the legal and operational ways to confront them. Sherri Davidoff is the CEO of LMG Security and the author of three books, including "Ransomware and Cyber Extortion" and "Data Breaches: Crisis and Opportunity." Michael Kleinman is Special Counsel in the Data Strategy, Security, and Privacy Practice at Fried, Frank, Harris, Shriver & Jacobson LLP. The Russian-Ukrainian war has given us an open window into ransomware gang operations, thanks to some gangs facing internal discord, like the Conti ransomware gang, which became known for posting a pro-Russia statement and then having a gang affiliate steal its internal information and leak it online. If sources are to be believed, the Conti ransomware gang has made at least $2.7 billion in Bitcoin over the past three years, a number drastically higher than any we have seen before. One result of the explosive growth of such ransomware gangs is that law enforcement is getting better at following the money and busting cybercriminals. However, the fight gets tougher as criminals move to more privacy-oriented cryptocurrencies. Given the current geopolitical situation between Russia and Ukraine, cyber attacks are now driven by more than economic gain, as our guests share, and vulnerabilities and attacks on critical infrastructure are predicted to rise. An interesting point to note is the OFAC advisory on ransomware from September 2021, which aims to reduce the risk that an organization considering a ransomware payment is hit with a sanctions violation and the reputational and financial consequences that come with it. This advisory helps you if you implement cybersecurity practices, including those highlighted by CISA, like having an offline backup, an incident response plan, cyber training, and authentication protocols, and if you cooperate with law enforcement during and after an attack. You might never get a full sign-off, but these steps would certainly help your company's standing significantly. The FTC is also watching, and you need to look for vulnerabilities and repair or remediate them; if not, you could land in hot water. The Ukraine-Russia war has also seen the introduction of new kinds of malware, like wiper malware, which erases all information from a system. These are known to have been distributed through software vendors, such as tax software. Though Ukraine is on the receiving end of these attacks at the moment, there are fears the attacks could extend to more countries. In situations like this, which jeopardize our cyber health, early detection is critical. Also important is a coordinated industry-wide response to reduce the damage. As attackers get better at sneaking in and damaging our systems, our defense also needs to grow from reactive to proactive. Prevention methodologies must go hand in hand with government regulations. For more on this, listen to this episode! Please note that this podcast was recorded on February 25, 2022, prior to the passage of the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

Highlights:
“One of the points from the White House is to bolster resilience to withstand ransomware attacks. And for the past two decades, we've seen almost a reticence to push our businesses and organizations too much. Because we recognize cybersecurity as a cost.”
“The new banking law was designed not to be overly burdensome to banks, but to give regulators an early heads up about issues. And that is super important, especially if you're concerned about large scale operational impact on our financial sector.”
“Now is the time to deploy proactive measures, things like multi factor authentication, endpoint detection and response security training, we have to figure out what is blocking organizations and just jump over those h...

    Driving Pay Equity In Workplaces With Maria Colacurcio

    Dec 19, 2022 (13:51)


    In this episode of CHATTINN CYBER, Marc Schein interviews Maria Colacurcio, CEO of Syndio, which brings pay equity to workplaces worldwide. Maria talks about moving from her liberal arts background into the tech space and eventually finding her purpose in leading the movement for pay equity in companies. A history and political science student, Maria entered tech by chance when, at the height of the tech boom, she met a woman at a dinner party who suggested she move from nonprofits to tech and even referred her for a marketing role at her company. Maria grabbed the opportunity, worked in the marketing division for the National Museum of American History at the Smithsonian, and over time switched jobs and moved into technology roles at companies. At one point while she worked at Starbucks, the company was publicizing its pay equity announcement. Considering such things weren't mainstream conversation back then, it meant a lot. While exploring the topic during that time, Maria got to know the Head of Global Employment Law at Starbucks very well and learned how a typical traditional pay equity analysis is done; it wasn't good. She realized that not only was the system backward-looking and cumbersome, it also revealed nothing about the behaviors or practices that drive the pay gap in the first place. Wanting to do better, Maria set out to combine software innovation with proactive research to bridge the pay gap in organizations. She shares that this research has taught her the importance of starting pay in bridging pay gaps: you have to make sure it's done right to avoid pay disparities across the chain of employment roles. Maria also talks about the rising awareness around ESG commitments, including how institutional investors view companies through the ESG lens and how they are trying hard to figure out what it means to have social ESG commitments as a company with workplace equity embedded in its human capital. Another thing she talks about is how shareholder proposals requiring companies to disclose adjusted and unadjusted pay gaps have featured in proxy season since 2015. According to the statistics, 7 of the Fortune 100 companies face these pay gap disclosure proposals, and at 2 of these companies, they have succeeded. She also discusses pay transparency legislation that forces companies to post a good faith range for any new job position to avoid pay disparities. There are two sides to pay equity: equal pay for equal work, and the median pay gap. Our litigation is largely centered around the first, and there's a lot of legal risk there. Companies also need to focus on the median pay gap, which is a reflection of opportunity, since it compares averages. California's SB 1162, the legislation that just passed the California State Senate, is not just about pay transparency on job ranges; it also requires disclosure of your median pay gap to the state and public reporting of your W2 earnings by EEO category. Companies need to do a full-body scan to adapt their practices to bridging the pay gap. Towards the end of the conversation, Maria also shares actionable ways to implement equal pay opportunities at workplaces. Tune in to this episode to hear all about it!

Highlights:
“It was this crack in the door, which has been a real consistent theme in my career, seeing sort of a door cracked open, and then just being curious, having that intellectual curiosity to say, I wonder what wonder that leads, and then kicking it open.”
“The Head of Global Employment Law at Starbucks, and I started talking about, ‘Is there a way to infuse innovation in software to make this something that is more proactive to make this something that looks at for example, starting pay is the biggest factor in any pay equity analysis?'. So how do you look at starting pay, make sure at that moment in the employee lifecycle that you're getting it right so that you're not having this consistent and...

    Using Social Media To Educate The Public About Cybersecurity With Dana Mantilia

    Dec 5, 2022 (16:48)


    In this episode of CHATTINN CYBER, Marc Schein interviews Dana Mantilia, an online cybersecurity educator with a background in identity theft protection. She discusses getting into the cybersecurity space, becoming a social media marketing and cybersecurity expert, and the challenges and opportunities in the industry. Dana entered cybersecurity through the identity theft protection world in 2017, developing a product for it (called Identron). Gradually, she realized how much education the industry needed and how little of it there was. That was also when the idea of making educational LinkedIn videos on the subject came to her. As she continued, COVID happened, and with it she introduced online training for non-technical employees; she has since become one of the most marketed cybersecurity individuals in the US. Dana moves on to discuss IT and cybersecurity. Addressing the gradual movement of IT professionals into cybersecurity, she explains that the two are still very different fields, and she emphasizes that the two departments need to list their responsibilities and ensure they don't get mixed up. Discussing the importance of cybersecurity training for employees, Dana shares that it is easy for cybercriminals to trick an employee into compromising a computer system, so training methods must be given importance. She adds that although some of the training can be handled with technology, a lot of it needs to be done in person so that employees remember it longer. Dana also discusses the most significant challenges faced when working with non-technical people on cybersecurity. The biggest challenge is communication, i.e., speaking in layman's terms. She explains the disconnect that arises when a lot of jargon gets thrown around and the listener cannot understand it. Work needs to be done to improve this situation. Tune in to this episode for more learnings about cybersecurity and social media marketing from Dana!

Highlights:
“My thought process with cybersecurity is it's still not being embraced by the private sector, just starting to be really held feet to the fire with the government side of things. So this is the time to really build their online presence over the next three to five years. And then when everybody is forced to embrace cybersecurity, they're going to be the first ones that are going to be seen as an authority and they're going to be able to gain more clients.”
“My videos are very short, very focused. And if I can I add a little bit of humor into them. And just hoping that people are going to remember what the point is that I was talking about in there.”
“One of the biggest problems is that the technical people that handle the cybersecurity aspect of things, they're extremely intelligent people. But their communication skills, when it comes to speaking to somebody in layman's terms, is not always there; there's a disconnect there.”

Time-Stamps:
[01:02] - From Connecticut to the most marketed cybersecurity individual in the US: Dana's journey
[03:14] - What can cybersecurity folks do to help grow their network?
[05:32] - Why businesses must invest in cybersecurity training
[10:47] - The biggest challenges in dealing with non-technical cybersecurity people

Connect with Dana:
Website: https://www.cyberdana.com

    Building A Secure Career in Cyber Risk Management With Shiraz Saeed

    Oct 25, 2022 (28:32)


    In this episode of CHATTINN CYBER, Marc Schein interviews Shiraz Saeed, Vice President and Cyber Risk Product Leader at Arch Insurance Group Inc. His role involves setting the strategic direction of the company's Cyber Risk products and services. Today, he talks about his exciting journey, playing multiple roles as a businessman, real estate broker, underwriter, and risk manager, and the people and situations that led him to build that career. Shiraz spent the majority of his life working with his dad, who was a watch dealer. At that time, watch dealerships had a business model very similar to insurance, and so, growing up, Shiraz was always around credit cards, retail sales, and instances of fraud. He pursued an undergraduate degree in finance and was interested in a career in either banking or computer science, which were hot fields then. But realizing the challenges in those professions, he decided to work with his dad on the business full time. Later in his career, Shiraz also started a CTE course campaign across the country to help brokers, clients, and risk managers understand risk management. By doing this, he improved his ability to gain traction and deliver solutions, find policies that work at reasonable terms, and manage risks efficiently. Over the years, he received an opportunity to work with Starr, serving as the cyber product leader. He used the opportunity to learn about cutting-edge technologies in the industry and further enhance his skills. From there he moved to Arch Insurance, where he serves as Vice President and cyber risk product leader. During his conversation with Marc, Shiraz also shares his observations of the cybersecurity industry over the last ten years and the challenges the industry might face in the upcoming year or two. He shares that the frequency of cybersecurity incidents has increased massively over the past ten years and that we need to invest more in cybersecurity practices for greater organizational and individual security in the future. Tune in to the episode today to learn more about cyber risk management from Shiraz!

Highlights:
“If you're gonna sell something, you have to make sure you know more about that product, that space, that industry than anybody you're selling it to.”
“He [Shiraz's father] would always say [that success] it's 70% hard work and doing all the right things, and 30% luck, or forecasting or opportunity, whatever you want to call it.”
“What has really happened over the past 10 years or so is the level of frequency of the incidents that we're seeing, has surpassed the amount of expectancy that any of us ever had.”
“People want to maintain a level of sustainability in the marketplace.”
“You got to be the educator, whether they buy it from you or not, whether they do business with you or not, you need to demonstrate or teach them about what it is all about, and why it benefits them and why it doesn't benefit them. And then, by doing that you automatically improve your ability to get traction, because you help them for real, whether you've made the money on it or not.”

Time-Stamps:
[03:49] - Shiraz shares his life's story with us
[22:12] - Shiraz talks about the person who's helped the most in his career and life
[23:57] - What Shiraz learns from his dad's journey in life
[27:23] - Shiraz's thoughts on cybersecurity in the upcoming one or two years

Connect with Shiraz:
LinkedIn: https://www.linkedin.com/in/shirazsaeed/

    Cybersecurity Compliance For M&A Deals And The Changing Regulatory Landscape With Steven Toppler

    Play Episode Listen Later Sep 13, 2022 15:10


    In this episode of CHATTINN CYBER, Marc Schein interviews Steven Toppler, co-chair of the cybersecurity and privacy practice of Sterlington. He is also an Adjunct Professor at Nova Southeastern University Shepard Broad School of Law. Before joining Sterlington, Steven was the Chair of Mandelbaum Salsburg's Privacy and Cyber Security Practice Group. He is an ISACA certified CDPSE (Certified Data Privacy Solutions Engineer) and has been involved in cybersecurity and electronic discovery matters for over 20 years. Sterlington's work primarily revolves around private equity and family firms. With a strong litigation department, they also perform transactional work. Steven helps clients develop cybersecurity and assess cyber risks. During their conversation, Steven and Marc discuss M&A transactions, the changing cyber regulatory landscape, and mitigating risks on the buy-side and sell-side of the market. Steven explains that an M&A (merger and acquisition) is a transaction involving both a purchase and a sale. Both parties undertake a certain amount of due diligence in the purchase-sale environment; there are considerations on both sides with serious implications for liability. Therefore, risk evaluation pre- and post-acquisition is necessary for private equity companies. The same principles apply regardless of the type of transaction (mergers, acquisitions, leveraged buyouts, management buyouts, tender offers). Also, the regulatory landscape in cyber risk is changing fairly dramatically. For instance, if an M&A transaction involving a health care entity that handles personal health information encounters a late-discovered or latent HIPAA problem, such as a late-discovered exfiltration that violates the Privacy Rule, it could lead to escalations to several regulatory compliance departments.
There should be a baseline security level on the sell-side, so you're not selling something that exposes the buy-side to liability or potential liability. You also need protection on the buy-side: you get certain representations and warranties from the seller, and they ensure you have adequate insurance. You might also want to perform a cybersecurity risk assessment on the proposed acquisition to avoid warnings or trouble later. Steven explains that cyber diligence should begin at the very outset, because, depending upon the interplay between the private equity company and the portfolio company, there will be an interchange of managed services and information, just as with any other managed service provider. Protecting that information is necessary. Any private equity company needs to ensure that its subsidiaries, holding companies, and portfolio companies are equally protected, depending on the type of industry or service they provide. To conclude, Steven advises avoiding cyber risks, starting with the basics: do not call an unknown number or tap on an unknown link, and stay conscious of the risk. Abide by cybersecurity tips at all times.
Highlights:
“In any purchase and sale environment, there is a certain amount of due diligence that has to be undertaken by the parties. And whether you are a buyer or seller, acquisition or the acquired, there are considerations both on the sell-side as well as on the buy-side that can have very, very, very serious implications for liability.”
“Cybersecurity is part of a business. It's part of your business functionality.”
“Having protection on the buy-side means that you get certain representations and warranties from the seller, they also make sure that you have the adequate insurance, and maybe you want to maybe not even take necessarily the word or the representations of the seller, but perhaps you'll want a separate assessment and a separate cybersecurity assessment risk assessment done on the proposed acquisition.”
Time-Stamps:
[00:46] - Steven's entrepreneurial journey
[02:27] - Cybersecurity interplay between M&A transactions

    The Role of Managed Service Providers for Cybersecurity with Thomas DeMayo

    Play Episode Listen Later Aug 21, 2022 14:50


    In this episode of CHATTINN CYBER, Marc Schein interviews Thomas DeMayo, Principal in the Cyber Risk Management group with PKF O'Connor Davies, LLP. Thomas is the lead Cyber Risk Adviser and Auditor for the firm. He is responsible for designing and implementing the Firm's Cyber Security service offerings, audit programs, and testing procedures. Thomas consults in IT governance, information security, threat and vulnerability management, privacy, and IT compliance. Today, he shares his backstory of getting into cybersecurity and what he's learned from his journey so far. Even as a kid, Thomas had a fascination for computers. After graduation, he ended up taking a job in network engineering at PKF O'Connor. Later on, he was asked to check on the firm's systems, IPS, and calculations. That led him to shift to cybersecurity, and by around 2006-2007 he already had clarity on what he was supposed to do going forward. Thomas talks about the client benefits of partnering with someone who has both cybersecurity resources and tax intellect. They can advise clients on a more cyber-specific path and help control their program. That's invaluable to a lot of clients. Towards the close of the conversation, Thomas talks about the future of the hybrid work environment. Hybrid working may or may not persist for a long time, but it is not going to go away any time in the near future.
Quotes:
"Even as a kid, I was kind of always fascinated with getting the computer to do what I wanted."
"We are those trusted advisors who are able to come in and say, yes, we can help you, we could advise you on a more cyber-specific path and help you control your program. That's invaluable to a lot of clients."
"When we're helping them, we're advising them on what they need, and that's what matters; that's the key thing."
"You have to challenge them to make you understand what their cybersecurity program is, or at least ask them, show us what your basic cybersecurity policy looks like. I think that's going to start to help you understand you even have a level of formality."
"As the world wakes up and really starts to focus on this, they'll start to look at that supply chain risk."
"Some businesses based on their business model will realize that this really does work. Our employees are happier and are still productive; we don't need to be in the office to do certain things."
Time-Stamps:
[01:43] – Thomas explains how he got into the field of cybersecurity.
[03:58] – The benefits of partnering up with someone who has both cybersecurity resources and tax intellect.
[08:33] – Reasons why more clients are engaging in services related to cybersecurity.
[10:10] - Questions clients should be asking their Managed Service Provider.
[13:25] - Where do you see this hybrid work environment going in the next 18 months?
Connect with Thomas: LinkedIn: https://www.linkedin.com/in/thomas-demayo-002bbb71 Website: https://www.pkfod.com/people/thomas-demayo/ Email: tdemayo@pkfod.com

    Cybersecurity For M&A Deals With Steven Kuperschmid

    Play Episode Listen Later Aug 13, 2022 21:14


    In this episode of CHATTINN CYBER, Marc Schein interviews Steven Kuperschmid, Co-Chair of Cybersecurity and Data Privacy at Ruskin Moscou Faltischek PC. Steven is an experienced corporate M&A and securities lawyer. During the conversation, Steven shares his knowledge about cybersecurity in M&A deals, how (or whether) it impacts contracts, and the different phases of setting up an effective buyer-seller deal. He also talks about the growing need for cyber insurance in different industries today. At what point does cybersecurity integration happen within an M&A deal? Steven explains that it depends on the nature of the target's business. For the middle and upper-middle markets, like manufacturing and distribution, industrial technology, financial services, and healthcare, cybersecurity needs to be a priority. You must know whether the target business has Personally Identifiable Information (PII) - if so, cybersecurity needs to be prioritized irrespective of the industry. However, cybersecurity doesn't change the deal structure itself. Because a structure is chosen for tax reasons and to mitigate the buyer's risk, cybersecurity is a far bigger concern than the signed contract. As for the signing of a deal, there are different phases: the discussion phase, where the buyer assesses the value offered by the seller and considers the different risks that might exist; the buyer then assesses the business from a technology point of view, evaluating the seller's internal policies and cyber hygiene; lastly, the buyer does a lien search, looking at the lien report to gather more information about the buyer and their underlying debt instruments. Further in the conversation, Steven covers cyber insurance, explaining its relevance and importance in the cyber security industry. A good grasp of cyber insurance ensures the buyer can benefit from it during a data breach. Listen to the conversation for more details!
Highlights:
“Often, deal structure is chosen for tax reasons. But also, it's chosen to mitigate risk to the buyer. So you may choose an asset deal, because you don't want to incur any unknown liabilities that you can avoid by choosing an asset structure.”
“I think the first thing the team needs to look at is the nature of the target, what's the target's business, you know, certain industries present greater risks than others. So if we were buying a company in the healthcare industry, or the financial services industry, it should be a huge focus, and usually is at this point now, now, four years ago, five years ago, maybe it wasn't as big a focus as it is today. But in those industries, it should be a huge focus.”
“Every deal starts with a discussion of the business terms – the value of what's being paid, how it's being paid.”
Time-Stamps:
[00:53] - Steve's path to becoming one of the most well-known privacy attorneys in Long Island
[10:47] - Does cybersecurity change different deal structures?
[14:29] - The different phases of a buyer-seller deal
[17:19] - A discussion on cyber insurance
Connect with Steven: Website: https://www.linkedin.com/in/steven-kuperschmid-024375155

    Cybersecurity Risk Assessment For Clients With John Jenkins

    Play Episode Listen Later Aug 1, 2022 14:18


    In this episode of CHATTINN CYBER, Marc Schein interviews John Jenkins, Senior Editor and Law Firm Partner at TheCorporateCounsel.net and Calfee, Halter & Griswold LLP. During the conversation, John explains his journey to heading one of the most regarded M&A news centres in the US, cybersecurity risk assessment, and effective client management. Discussing the issues to be addressed in the negotiation of M&A agreements, John explains how smart buyers are already invested, from the outset, in assessing post-closing issues, integration, operations, handling contacts and the like. Depending on the nature of the transaction and the parties' sophistication, different professionals are assigned to clients to handle the cybersecurity assessment. In addition, when dealing with large firms with data breaches in the past, a separate team of forensic consultants is assigned to better understand the client's needs. Cybersecurity assessment needs to be front and center for every buyer and seller. To win buyers, sellers need to showcase an infallible track record. To assess a company in a limited period, you have to perform a risk assessment and then allocate resources accordingly. Unless you do a risk assessment at the outset, resource allocation will not be clear. Further in the conversation, John explains the latest trends in sealing deals. As he shares, there has been an increase over the years in deals engaging reps and warranties coverage. Towards the close of the episode, John shares that cybersecurity assessment is part of a dynamic regulatory environment. Over time, it's only going to get more complicated for both parties (buyers and sellers) to scope the issues early on in any potential transaction. Listen in to get a detailed picture of cybersecurity risk assessment with clients.
Highlights:
“What's the environment we're dealing with here? How sophisticated is the seller, where are its risks, what is its compliance environment?”
“If you're a cyber person, that's where you look. But you may have competitive situations where your due diligence opportunities are going to be somewhat limited and targeted, you're to get through to next rounds, you may have some more confirmatory due diligence at the end.”
“So you have to do a risk assessment, and you kind of have to allocate resources based on your assessment of the risks, and obviously, the more sophisticated the risk assessor is, the better off that process can be. So, it is something that needs to be done at the outset. Because unless you do it at the outset, you're not going to be able to engage in a really fully informed risk assessment process to allocate those resources.”
Time-Stamps:
[01:00] - John's cybersecurity journey
[02:15] - Cybersecurity and M&A transactions
[09:44] - Front end, Back end, and Due diligence evaluation
[11:58] - Is there an increase in deals engaging reps and warranties coverage?
Connect with John: Website: https://www.linkedin.com/in/john-jenkins-7449761b3/?trk=public_profile_browsemap

    The Threat To Global Cybersecurity Due To The Russian Invasion Of Ukraine With Cory Simpson

    Play Episode Listen Later Jul 18, 2022 17:08


    In this episode of CHATTINN CYBER, Marc Schein interviews Cory Simpson, a legal advisor, adjunct professor, national security expert, and public policy pioneer. Cory has over two decades of experience advising the most elite organizations in the American military, Congress and Fortune 100 companies on cybersecurity, counterterrorism, emerging technologies and geopolitical risk. He discusses with Marc the state of cybersecurity before and after the Russian invasion of Ukraine and how to prepare for any risks that might arise in the near future. The cybersecurity environment pre-invasion was described as VUCA: Volatile, Uncertain, Complex, and Ambiguous. It existed in a context where the political, economic, and international security spaces were converging, and its standing was insecure. The illegal invasion of Ukraine is causing economic warfare, and Cory predicts that financial institutions will be targeted robustly; hence, cybersecurity will have to be strengthened in such organizations. But he also adds that large-scale systemic losses might not be observed. At present, Russia appears to be in a problematic situation domestically, enduring starvation and facing higher living costs. A large reason why Ukraine is more transparent about the situation in its country than Russia is Russia's war crimes against Ukraine: Russian forces have been seen to besiege cities, surround them with artillery and armor, cut off all supplies, and then indiscriminately bomb them until the people were dead. The media in Ukraine is taking deadly risks to get news and updates to the rest of the world. Towards the close of the episode, Cory advises organizations to be prepared to be agile in their plans, because they'll have to adapt to a lot of changes that will happen in the coming years. For more, tune in to today's episode!
Highlights:
“If you want to be effective, for the IT/OT, it requires knowledge... physical knowledge of the facility, and that relationship between the IT and the OT, it is hard to do, to get that physical knowledge in the United States, it is probably easier to do in Eastern Europe, where it is known that more Russian actors are doing human intelligence on the ground.”
“I think some of the access and placement of the Intel entities will probably be leveraged in the days and months ahead to inflict harm, but I don't know how much more replacement access they can get once they've burned that, because I think they're just going to be so overwhelmed with other issues.”
“I think we all need to be prepared to be agile in our organizations and in our plans, because I do think we're going to be asked to adapt to a lot in the environment.”
Time-Stamps:
[01:00] - Russia's invasion of Ukraine and the associated geopolitical and cyber risks
[07:52] - How likely are we to witness a large-scale systemic type of loss due to cyber attack?
[11:23] - Russia and Ukraine's stance on sharing their message with the rest of the world
[15:03] - Get in touch with Cory
Connect with Cory: Website: linkedin.com/in/cory-s-simpson

    Why Every Organization Needs A Crisis Communication Wing With Jamie Singer

    Play Episode Listen Later Jun 7, 2022 12:04


    In this episode of CHATTINN CYBER, Marc Schein interviews Jamie Singer, Managing Director at FTI Consulting and formerly Executive Vice President at Resolute Strategic Services and Resolute Public Affairs. She is an experienced strategic communications advisor with deep expertise in crisis communications, and has counseled Fortune 500 companies through some of the biggest reputational crises of the past decade. During the conversation, Jamie and Marc explore the need, process, and tips for effective crisis communication in organizations. Crisis communicators are partners to legal and breach counsel. The latter engages them in a tri-party agreement to protect privilege, which allows an ongoing dialogue between the parties for risk mitigation. When must an organization engage a crisis or strategic communications expert? Jamie Singer explains that strategic communications need to start early, when an organization engages with its forensics firm and insurance carrier. This is partly due to the increasing number of ransomware cases organizations face today (both internally and externally), rendering their systems inoperable. However, communicating a data privacy breach or incident to clients or the media should happen only after careful thought and investigation, because the cyber world is fluid: information and facts change quickly. It's possible that by the time you communicated an incident, the positions have changed and the risks have been mitigated; but by then, organizational trust would have been put in jeopardy. Organizations must be careful about the cadence and timing of reporting such incidents. It's all easy until the media comes into the picture. With the internet always up to date with the recent advancements in any space, cybersecurity traders and bloggers are also the first to break any reports of security breaches in organizations. The nature of the news, however, is often ‘report and move on to the next', a fact that organizations can leverage. Jamie Singer explains that companies can use media to get their key messages to the key stakeholders through written statements (and not live interviews, as they might backfire). What can organizations do to mitigate cyber risks and reduce cyber incidents? Work on the communications aspect: consider your communications protocol, and review and improve messaging. That includes finding a way to communicate even when corporate email is unavailable. For more, tune in to today's episode!
Highlights:
“A common pitfall we see is companies saying too much and too quickly - Crisis Management 101 - you should communicate the minute something went wrong as transparently as possible. The problem with cyber is, investigations are quite fluid, information and facts change frequently. And so the early bird doesn't always catch the worm in these situations, if you communicate too quickly, before your systems are remediated, or before you have all the facts, that can actually erode trust.”
“There's often a lot of focus on what we say to customers and media and external stakeholders, but we continue to see the employee audience being forgotten, and they shouldn't, because they wear two hats there, they could be impacted by the incident and they interface with customers. So they need to know what's going on.”
“We approach media typically as a transaction, how can we use media to make sure we are continuing to reiterate our key messages to our key stakeholders, and often that can be accomplished through written statements.”
Time-Stamps:
[01:55] - When must an organization have crisis communication?
[03:21] - Why you must think before communicating with the rest of the world about a potential (or observed) data security breach
[06:19] - Managing the media in the event of a cybersecurity threat
[08:02] - What can companies do to be better prepared in the event of a cyber incident?
Connect with Jamie: Website: https://www.linkedin.

    Cybersecurity Protection for Cyber Insurance : An interview with Maria T. Vullo

    Play Episode Listen Later May 24, 2022 18:35


    In this episode of CHATTINN CYBER, Marc Schein interviews Maria T. Vullo, Founder and CEO of Vullo Advisory Services, PLLC, a strategic advisory firm. She serves on several for-profit boards, is Regulator-in-Residence at the Fintech Innovation Lab, and is an Adjunct Professor at Fordham Law School. She was formerly New York's Superintendent of Financial Services, responsible for managing a 1,400-person regulatory agency that supervises New York's banking and insurance industries. Maria has extensive expertise in banking and insurance regulation, BSA/AML compliance, cybersecurity and data privacy, fintech and insurance, and strategic litigation. In today's episode, Maria discusses her insightful career at DFS and her later work in private law and consulting practice. She shares her experience working with private and public sector institutions and how both have added to her expertise in the law. Maria talks about finalizing the DFS Proposed Regulations Part 500 (Cybersecurity Requirements for Financial Services Companies) in 2017 and its significance. Not only was it a big deal in cyber, but it was the first in the nation at that time and is still a leading force in cybersecurity regulation. Maria adds that DFS has a huge responsibility in helping manage cybersecurity risks. It is responsible for the safety and soundness of all the banks and insurance companies that are state-chartered. Since any cyber risk could also create a potential financial risk to them, the DFS had to take steps to consider cybersecurity seriously. The government plays a huge role in combating cyber risk and ransomware. After the 'SolarWinds hack', the largest global cybersecurity attack that happened recently, the federal agencies and government issued a sweeping executive order asking all private and public agencies to bring a unified approach to handling cybersecurity issues.
The New York State Department of Financial Services (NY DFS) recently issued new Ransomware Guidance for regulated companies to prevent successful ransomware attacks. This followed the realization that 74 of its regulated institutions had suffered ransomware attacks, and that 17 of them had paid the ransom. We also discuss the world of FinTech before and after COVID and why insurance suffered in these times. Maria explains that in financial services, consumer protection will be a big issue for the Biden administration. Virtual currency is another central area of regulation, considering its global reach. Maria closes the conversation by stating the massive role of cybersecurity protection in enabling cyber insurance. It will continue to grow in importance in the coming years!
Quotes:
“If you have a significant cybersecurity attack, that's a financial attack, and you have a ransomware attack that stops your business, has a huge impact, if not a closing impact on your bottom line.”
“DFS as a regulator is very, very concerned with the financial soundness of banks, insurance companies, because there's all these people out there that rely on financial services for their banking, for their insurance policies.”
“The more that you follow the regulation, the more that you have security and everything else, the less likely it will be that you will suffer one, or if you do, there'll be mitigation measures that won't have as serious an impact.”
“Cyber insurance is such a critical issue for all companies. And I think that it goes hand in hand with cybersecurity protection.”
“The stronger your cybersecurity protections, the better able you are to get a good cyber insurance policy.”
“The last thing that I want to see as a former insurance regulator is for insurance companies to not be in the space or for the pricing to be such that people can buy cyber insurance."
Time-Stamps:
[00:57] - Maria's experience working with both private and public sectors and how both of them helped her build a strong career in law.

    Regulatory Compliance In Cybersecurity And The Practices To Mitigate Cyber Risks With Jennifer Coughlin, part 2

    Play Episode Listen Later May 10, 2022 24:16


    In this episode of CHATTINN CYBER, Marc Schein interviews Jennifer Coughlin, Founding Partner at Mullen Coughlin, a law firm exclusively dedicated to representing organizations facing data privacy events and information security incidents and the need to address these risks before a crisis hits. Jennifer focuses her practice solely on providing organizations of all sizes and from every industry sector with first-party breach response and third-party privacy defense legal services. The second part of the conversation covers regulatory compliance, investigations and movements, cyber insurance, how to mitigate cyber risks, especially those due to ransomware attacks, and present and future cyber threats. On the regulatory front, many new laws and guidelines on cybersecurity are being proposed; regulatory investigations, too, are picking up. Data shows that while over 30 movements happened in 2021, so far in 2022, 20 have occurred. These indicate:
Increased reliance upon data and information systems
A recognition of the impact of losing access to data and information systems
Uncertainty around what businesses are doing with the massive amounts of data collected
Consumers' recognition of data privacy
Victim organizations have a ton of data that could help in the fight against cybercrime. Cyber insurance companies are helping organizations reduce the uncertainty due to cyber risks by setting up a vetted procedure and providing the necessary education to respond to data privacy incidents. With evolved cyber insurance underwriting, companies have increased safeguards and better implementation of, and response to, cyber incident plans. How can your company mitigate cyber incidents? Conduct a data-mapping exercise, considering carefully the data you have on your system, the access controls, cost, loss in the case of security violations, and testing around that. Next, consider Multi-Factor Authentication - it's a necessity in any company.
Mullen Coughlin follows a 3-2-1 plan: keeping 3 backups in 2 different locations, 1 of which is offline. Before dealing with ransomware attacks, companies need to take the time to understand their contracts, obligations, and responsibilities, so they're aware of the laws that apply in the case of a cyber incident. Being aware of the timelines and laws could help implement the necessary cybersecurity controls and practices faster. Additionally, training employees properly in healthy cyber practices is essential. There needs to be proper learning and reinforcement of cybersecurity practices in organizations. Towards the close of the episode, Jennifer shares that cybersecurity incidents are not predicted to decrease in the coming couple of years. Job security in the industry appears strong. Listen to the conversation for more details!
Highlights:
“All these movements (around cybersecurity laws) are indicative of their recognition that victim organizations have a ton of data that would be really helpful in the fight against cybercrime. And they're not getting their hands on that. So under all of these movements, they're talking about sharing more information with them. So that when these laws are crafted, when these government meetings are happening, they have additional information that can be really helpful to the conversation.”
“The cyber insurer has already figured out the call you make to set into motion, to ring the bell that is going to set into motion everything that needs to be done to efficiently and compliantly respond to these data privacy incidents; they've identified the resources that are needed to do so, they vetted these resources that are needed to do so.”
“Vulnerabilities are being identified all the time, you've got zero day exploits being identified, you need to make sure you have a patch management program so that you're monitoring for patches issued for vulnerabilities,

    Top Three Cybersecurity Threats And The Industries Most Affected With Jennifer Coughlin, part 1

    Play Episode Listen Later Apr 6, 2022 18:29


    In this episode of CHATTINN CYBER, Marc Schein interviews Jennifer Coughlin, Founding Partner at Mullen Coughlin, a law firm exclusively dedicated to representing organizations facing data privacy events and information security incidents and the need to address these risks before a crisis hits. Jennifer focuses her practice solely on providing organizations of all sizes and from every industry sector with first-party breach response and third-party privacy defense legal services. In the first part of the conversation with Jennifer, we explore her journey to Mullen Coughlin, the top three cybersecurity threats organizations have faced in the past couple of years, and a detailed analysis of the industries most prone to attack. Jennifer got into cybersecurity after John Mullen suggested it to her decades ago, even before he got his first cyber case. They started their own cybersecurity law firm, Mullen Coughlin, which recently celebrated its fifth anniversary. Beginning with 13 attorneys, Mullen Coughlin expanded over the years and now has a team of 95 attorneys involved in data privacy and cybersecurity counseling. It is the largest privacy law firm in the US. Cybersecurity breaches and vulnerabilities have increased in the recent decade. Jennifer quantifies the increase in incident response matters: in 2019, they had 2350 incident response matters; this grew to 3551 in 2020, and 3954 the following year. These numbers do not include regulatory defense, litigation defense, and compliance work. The top three kinds of threats Mullen Coughlin has handled in the past couple of years have been ransomware attacks, business email compromises, and third-party events. As Jennifer draws from her organization's reports, victim companies paid the attackers for one of the following reasons:
The threat actor deleted the data, and the victim organization didn't have backups because they were encrypted.
Or the victim organization had backups, but obtaining the key was quicker for restoration purposes.
26% of the time, payments were made only for key and delete purposes. As statistics from 2020 show, only 25% of organizations paid the attackers' ransom. 75% of the organizations agreed to take the risk, as they didn't find it worth paying for a promise from a threat actor. The percentage of organizations making payments for ransomware attacks came further down to 18% in 2021, indicating considerable progress in cybersecurity. After assessing the likelihood of different industries being hit with cybersecurity threats, Jennifer breaks them down into 10 categories. As per her reports, in 2021, the top 10 industries affected by cybercrime (from the highest percentage of cases to the lowest) were as follows:
Financial and Professional services
Manufacturing and Distribution
Healthcare and Life Sciences
Technology
Hospitality and Entertainment
Education
Government
Non-Profits
Energy
Others
Compared with the reports from 2020, the Manufacturing and Distribution industry remained in second position. Evaluating the possible reasons for the consistently high levels of cyber threats in that industry, Jennifer says it could be because of inconsistent deployment of cybersecurity practices in organizations and a lack of thoroughness about cybersecurity safeguards, laws, and regulatory compliance procedures. Now, what do the threat actors do with the acquired data? They put it out on the dark web or sell it. Listen to the episode to get detailed insight into the explained cybersecurity threats and figures!
Highlights:
“We are as successful as we are because of every single person on our team. And we recognize that everybody, recognizes that they are valued, and they are part of helping organizations through these really scary events, defending them in regulatory investigations and litigation and also helping them be better before they experience (cybersecurity...

    Why Accounting, Disaster Recovery and Incident Response Are Critical In Any Organization With Ted Carlson

    Play Episode Listen Later Mar 15, 2022 9:26


    In this episode of CHATTINN CYBER, Marc Schein interviews Ted Carlson, Co-Founder and President of Marcum Technology, a renowned Information Technology consulting firm in the US. During the conversation, Ted and Marc explore Ted's journey into consulting and technology, Marcum's service and client diversity, and some thoughts on ransomware attacks.

    Marcum Technology is essentially an accounting firm, with technology as its core driver. In addition, the firm offers robotic process automation, business continuity, disaster recovery, and incident response through digital forensics. Ted explains how the company helps organizations prevent ransomware incidents by using parallel networks, adequate backups, and strong infrastructure. He adds that, depending on the severity of the attack, the recovery process can vary. Firms should practice testing and rehearsal to ensure business continuity during an attack.

    Gathering lessons from his entrepreneurial journey, Ted explains why you shouldn't hesitate to chase your passion. Though taking advice from people can help sometimes, it's essential to do what you enjoy, because that is what produces better results down the road. He also explains why you might not want to spend years shifting and switching jobs only to choose another path later: it is challenging to restart your career 20-30 years on. Don't let people hold you back from living your dreams.

    Tune in to the episode to learn what it takes to build a successful career in the rapidly evolving consulting industry.

    Highlights:

    “Whenever there's a merger or acquisition, we're basically stripping off the technology components of those firms. And we're kind of blending them into the Marcum Technology division.”

    “You can take a certain advice from people, but you really, at the end of the day, have to do what you enjoy, and (do) whatever you feel confident, and that will produce better results down the road.”

    “Whatever interests you have, and whatever excites you, I would say, don't wait, because a lot of people end up waiting and switching during career changes 20-30 years later. And, it's not that easy to do.”

    Time-Stamps:

    [00:41] - Ted's entrepreneurial journey
    [01:22] - Advice for college students to chase their passion
    [04:18] - More about Marcum
    [05:19] - How to prevent ransomware incidents in companies

    Connect with Ted:

    LinkedIn: https://www.linkedin.com/in/ted-carlson-14977a18/

    Understanding the 3 Tiers Of Cybersecurity Regulation With John T. Wolak

    Play Episode Listen Later Mar 1, 2022 23:41


    In this episode of CHATTINN CYBER, Marc Schein interviews John T. Wolak, chairman of the Privacy & Data Security Team at Gibbons P.C. He has extensive experience handling privacy and security issues, cyber insurance coverage, policies, endorsements, risk mitigation and exposure, and due diligence for regulatory compliance. He has been named an "Insurance Lawyer of the Year" (Newark, NJ) by Best Lawyers® and selected for the New Jersey Super Lawyers list for Insurance Law. During the conversation, John recollects his journey into cybersecurity, his experience working with the Y2K problem, biometric technology, and the regulatory tiers that apply to biometric data handling.

    After graduating from law school, John clerked for a federal district court judge in New Jersey. He then joined Gibbons, and as a young associate he was staffed on one of the largest environmental insurance coverage matters of the late 80s and early 90s, an experience that proved not only challenging but very interesting. It set his trajectory in legal practice. He later got involved in the Y2K bubble, which ironically wrapped up in early January 2000. Over the years, John has counselled on, covered and handled various cyber issues, most recently diving into biometrics.

    Drawing parallels between the Y2K problem (or the Year 2000 problem) that “caused” data formatting and storage issues after the year 2000 and the issues surrounding cybersecurity today, John explains how uncertainty is the common ground. We're now faced with the uncertainty of compliance obligations, risk mitigation, and cyberattacks, especially since biometric data usage has increased. Biometrics are the physical or behavioral characteristics used to measure or identify an individual, including facial recognition and fingerprints. With biometric verification and data usage on the rise, privacy advocates are increasingly concerned about the risks and possible violations.

    Biometric data has three tiers of regulation:

    1. Biometrics-specific regulation, which addresses only biometric information and its collection, use, processing and storage.
    2. Biometrics within the definition of personal information under state-specific regulatory regimes, like the CCPA, the Colorado statute, and the Virginia statute, which say that any individual's personal information must be appropriately used, stored and protected to ensure privacy and security.
    3. Breach notification: most states have included biometric information within their breach notification statute and require notification of a breach involving an actual fingerprint or the algorithmic formulae of a fingerprint.

    Towards the close of the episode, John shares why individuals need to be aware of the private right of action, and how it can be a pain or a joy for different people. The private right of action is a statutory provision that gives private citizens the ability to enforce compliance with a statute by commencing a lawsuit against an entity violating the statute. It can generate a lot of litigation, and often proves a joy to plaintiffs' lawyers, as any failure may allow the plaintiff or plaintiffs in a class action to recover statutory damages. The pain falls on the business that does not comply with the statute and is the target of the lawsuit and damages.

    Listen in to learn more about the cybersecurity regulations in effect today.

    Highlights:

    "The Y2K risk was kind of the fear of the unknown. What was going to happen if my computer system completely goes down? That's a simple statement, or simplistic statement about the issue, but it was the fear of the unknown."

    "If you're a cyber person, that's where you look. But you may have competitive situations where your due diligence opportunities are going to be somewhat limited and targeted, and you're to get through to next rounds, you may have some more confirmatory due diligence at the end."

    The Importance Of Building Good Client Relationships In Cyber Insurance With Joseph Lazzarotti

    Play Episode Listen Later Feb 10, 2022 17:41


    In this episode of CHATTINN CYBER, Marc Schein interviews Joseph J. Lazzarotti, Principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm's Privacy, Data and Cybersecurity practice group, edits its Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer focused on compliance, Joseph is also a member of the firm's Employee Benefits practice group. During the conversation, Marc and Joseph explore Joseph's cybersecurity journey, Jackson Lewis's growth and service offerings, and the importance of better rapport between clients and service providers in cyber insurance.

    Joseph started at Jackson Lewis in the early 2000s as an ERISA and tax attorney doing employee benefits work. At the same time, the HIPAA Privacy and Security Rules and the first data breach notification law in California were passed, which piqued Joseph's interest. It led him to investigate cybersecurity issues for clients, and he gradually built a growing team around it.

    Jackson Lewis stands as a forerunner on insurance panels, with the advantage of deep experience dealing with carriers. They understand the rate pressures, the need for responsiveness, and the process of doing insured work, and they encourage meaningful customer relationships. Over the years, clients have become more engaged in buying cyber insurance. Though one could attribute it to contractual obligations, they're mainly concerned about dependent business interruption from a cyber incident. To help with that, Joseph advises firms to examine the coverages, risks, retention, coinsurance, and related aspects to better understand the client's business and help them achieve their savings wisely.

    Interestingly, people tend to have a good relationship with their brokers on the health plan side. Joseph hints at how the same trend is gradually taking hold in cyberspace as more cyber firms work on building better client relationships by assessing and handling policies that genuinely benefit them.

    Further in the dialogue, Marc and Joseph discuss cyber compliance and its ever-changing landscape. Though the term has existed for a long time, it has continually evolved with new amendments to cyber laws and acts, and it varies from institution to institution. It's necessary to comply with applicable regulations, because non-compliance can damage your reputation.

    Highlights:

    “Compliance is a great word, and it means different things to different people. Some people, when they hear compliance, they're like, well, if we're 80% of the way there, that's good enough, that's compliant.”

    “Compliance also means doing all the things that you need to do with respect to the regulatory environment in which you're in. And for different companies, that means different things.”

    “You may not be able to make information available to your customers, you may impact your reputation, all of that also plays into compliance in the sense that if we comply with a reasonable set of safeguards, we can really save our business.”

    “What's interesting there is this personal liability, potentially, right with fiduciary obligations under ERISA for companies that don't do that, for individuals who don't meet their fiduciary role, as well as on the other side for advisors and other entities that service plans.”

    Time-Stamps:

    [00:43] - Joseph's entrepreneurial journey
    [03:43] - Where to contact Joseph
    [05:17] - Advice around insurance coverage for clients
    [12:33] - Cyber compliance amid the rapidly changing organizational landscape

    Connect with Joseph:

    Email: joseph.lazzarotti@jacksonlewis.com

    Biometric Information Privacy and Cybersecurity With Peter Halprin

    Play Episode Listen Later Jan 25, 2022 15:39


    In this episode of CHATTINN CYBER, Marc Schein interviews Peter A. Halprin, partner at Pasich LLP's New York office, where he assists policyholders with insurance coverage issues. He is also an adjunct professor of law at Cardozo Law with expertise in arbitration, commercial law, dispute resolution, and international arbitration. Today's conversation is centred around privacy laws and explains the Biometric Information Privacy Act (BIPA) in detail.

    BIPA came around in 2008 and has since stood out from other privacy laws for the extensive litigation surrounding its purpose, scope of implementation, and relevant details. It is intended to cover protection for biometric risks, including fingerprints, retinal scans, and several other face or body detections that have become commonplace today, by regulating the collection, dissemination, storage, consent, and destruction of any associated data from the point of generation. An exclusion on the distribution of materials in violation of a statute, particularly the TCPA, would also apply to PIPA or other similar claims. Moreover, BIPA also allows a private right of action, which means individuals can sue for violations. Peter explains this by breaking down Six Flags' fingerprint scan privacy issue, for which the entertainment corporation paid the plaintiff a $36 million settlement despite denying any fault or liability.

    Bigger privacy violation claims can have a twofold benefit from insurance: helping with the defense of the claim, and indemnity or the settlement of a potential class action. A recent decision by the Eastern District of North Carolina has brought to light the importance of having your risk coverage neatly handled under a cyber policy. In conclusion, Peter explains why it helps to have a broker assess your policy: the more expressly the coverage is stated, the better informed you are of the risks. Additionally, having the right policy can reduce the liability and defence costs on your side.

    Highlights:

    “The interesting thing, I think that we're seeing, too, is a lot of litigation about whether or not insurance should respond. But I caution that most of those cases involve general liability, or business owners policies, and not cyber insurance.”

    “An exclusion based on the distribution of materials in violation of a statute, particularly TCPA, would also apply to PIPA or other similar claims.”

    “I think that the main thing that people need to keep in mind is just when you're doing policy reviews, and when you're working with your broker to assess your policy, the more expressed the coverage can be for something like that. I think the better to know exactly what is and what isn't covered when you're buying your policy so that you can really understand the risks associated with what you're doing, then to try to have to figure it out after the fact.”

    “If you're working with your insurer and your insurance providing coverage is that they may see a lot of these claims for a lot of their clients. And so panel counsel or counsel that is pre-approved may have a lot of experience by doing these things. And it may even help reduce liability and perhaps defense costs on that side, too.”

    Time-Stamps:

    [01:51] - Peter talks about his work and involvement with cyber insurance
    [03:03] - Exploring the BIPA in detail
    [07:27] - Does the BIPA have a private right of action?
    [09:53] - The role of insurance in bigger privacy claims

    Exploring Fraud Resolution, Identity Theft Protection, And Security Incident Notifications With Michael Bruemmer

    Play Episode Listen Later Jan 4, 2022 14:41


    In this episode of CHATTINN CYBER, Marc Schein interviews Michael Bruemmer, VP of Consumer Protection and Global Data Breach at Experian Consumer Services, CA. Marc and Michael discuss Michael's education, upbringing, unexpected journey into cyberspace, and unique business model and services.

    Michael entered the cyber industry fifteen years ago, after leaving tech-side roles at Dell and Lenovo. After returning to Austin, he joined CSIdentity, leading the sales, data breach, and identity theft departments, and hasn't looked back since. Michael attributes Experian's success in insurance cybersecurity to three things: their Program and Events Manager; their family of forensics experts, privacy attorneys, data analysts, and notification vendors (among many others); and the powerful brand and community they've created within the organization. Their notification industry work includes fraud resolution, offline enrollment, and identity theft protection.

    Michael explains that the foundation of his work hasn't altered in the past three years and continues to focus on consistently delivering incident notification services, meeting deadlines, and ensuring customer satisfaction. He discusses Experian's unique business model, which provides ongoing fraud resolution through which clients can get a year's worth of credit monitoring. Michael also touches on Experian's plans to roll out crisis management response services soon.

    The best practice to mitigate cyber risks at any company is to consult with cybersecurity experts before a potentially harmful incident has occurred. Even if you haven't had an event, Michael explains that you should always have a privacy attorney and a cyber insurance provider at the ready. In the event of a suspected breach, you need to reach out to them quickly. Towards the close of the episode, Michael also talks about ransomware attacks and the percentage of companies giving in to such threats today.

    Tune in to this episode to learn in more detail about thriving in the cybersecurity industry.

    Highlights:

    “We value our relationships with people that refer us, that don't refer us, because it's such a small community. If your reputation is good in that community, it goes a long way but it only takes one bad event, one dissatisfied customer and then things don't go so well after that.”

    “What I suggest is that you have a privacy attorney, you're also able to operate under privilege as you if you so choose to. And we're always encouraging that with any client.”

    “The survey that ZDNet said was that, in actuality, 83% (of companies) paid the ransomware, which I found was really interesting, despite the FBI, despite the other regulatory agencies, they don't pay, you're probably going to get it dumped on the dark web, let alone your brand is going to be exposed. Let alone you'll never get the encryption key.”

    “About 50% of the events that we get contacted in become never notifiable. So in other words, we don't even go into action, but we still get a heads up so that we can prepare.”

    Time-Stamps:

    [00:43] - Michael talks about his upbringing
    [04:38] - About the cybersecurity services provided at Experian
    [05:58] - The notification practice at Experian
    [10:21] - Why you need legal counsel before a potential cybersecurity breach/threat

    Connect with Michael:

    Website: www.experian.com/databreach
    LinkedIn: https://www.linkedin.com/in/michaelbruemmer/

    Driving Innovation Using Simple Secret Management With Brian Vallelunga

    Play Episode Listen Later Dec 8, 2021 24:16


    In this episode of CHATTINN CYBER, Marc Schein interviews Brian Vallelunga, CEO of Doppler, a San Francisco-based company that provides API and password management software for developers. Brian has been featured in the Forbes 30 Under 30 list for enterprise technology for his outstanding achievements with Doppler. In addition, he has attracted the likes of Sequoia, Greylock, Kleiner Perkins, and Peter Thiel to invest in his startup.

    Brian worked at Uber and was involved with their crypto and machine learning marketplace. Working at Uber gave him the experience and stability needed to launch his own business. He founded Doppler to make security easy and accessible for developers, which in turn improves a company's security. A significant challenge Brian and his team faced with their company was fundraising: almost all the investors they came across were a bad fit for their company. It led them to join Y Combinator, a startup fund and program that has helped launch over 3,000 companies to date.

    normal, including working from anywhere, and why Doppler is more relevant for companies today than ever before.

    From Insurance to Crypto – Understanding The Trends in Law with Stephen Palley

    Play Episode Listen Later Nov 10, 2021 16:24


    In this episode of CHATTINN CYBER, our host Marc Schein interviews Stephen Palley, partner at Anderson Kill. He chairs the organization's Technology, Media and Distributed Systems group. Stephen is also a regular speaker and prolific writer on insurance, construction, and technology. He is the lead editor and contributing author of the ABA Forum on the Construction Industry's best-selling treatise on construction insurance.

    When in law school, Stephen had planned on becoming a technology lawyer. Within a few years, Stephen had learned programming, found a new method for settling cases, and turned it into a software program! He then came across Bitcoin and Ethereum, two branches of crypto assets, and started working for crypto clients both on front-end regulatory compliance and on handling disputes. Interestingly, Stephen built a career as a successful crypto lawyer at a firm best known for representing policyholders.

    Stephen speaks on regulatory crackdowns within crypto in the U.S. and China. The crackdown in China has impacted Bitcoin miners, and a lot of that activity has moved to the U.S. But Stephen firmly believes that a similar crackdown cannot happen in the U.S. Stephen also comments on recent guidance from OFAC around Bitcoin and the facilitation of ransomware payments. He says the guidance puts victims between a rock and a hard place.

    Stephen also gives guidance for millennials and Gen Z'ers who are fascinated by cryptocurrency. He says that no matter what new thing is brought up, you need to remember that regulators and law enforcement judges will have access to it. Also, there is never quick money without effort; risks exist.

    Quotes:

    "We already have a fairly well-developed regulatory framework and a way of understanding crypto. I think it is too deeply embedded in our business at this point for it to disappear."

    "What we do tell people is that when faced with a conundrum, we definitely want you to be in touch with law enforcement."

    "If you are expressing a favorable opinion publicly about a security and you have a stake or position, and if you are being paid to promote it, under federal law, you have to disclose that."

    "Just because you gave something a new name doesn't mean that regulators and law enforcement judges won't be able to deal with it and address it."

    "One of the reasons for the fascination with space is pure and simple: the promise of hope for quick profits with not much work. I'm sorry, but it comes from somewhere, there's always a risk, and somebody always pays."

    "What people don't know is what's happening behind the scenes. Most regulatory enforcement actions are confidential. You have no idea what the competitor is dealing with."

    Time-Stamps:

    [01:03] - Stephen reveals his story of getting into insurance law and crypto.
    [04:21] - Stephen comments on the regulatory crackdown in crypto in the U.S. and China.
    [08:30] - Guidance from OFAC on Bitcoin and facilitation of ransomware payment.
    [12:47] - Advice for the millennials and Gen Z who have a fascination with cryptocurrency.
    [14:33] - Risk management and insurance policies.

    Connect with Stephen:

    Email: spalley@andersonkill.com
    LinkedIn: https://www.linkedin.com/in/stephendpalley

    Cyber Risks and Their Threat to Finance With Omar Refaqat

    Play Episode Listen Later Oct 26, 2021 28:08


    In this episode of CHATTINN CYBER, Marc Schein interviews Omar Refaqat, Senior Manager of Crowe's Cyber & Risk Consulting Practice. Omar has extensive experience working as a telecom and networks engineer at several successful companies before venturing into cybersecurity. Omar chats about his engineering background, which gave him a solid foundation for understanding today's threats, technologies, and opportunities.

    Credit card fraud, email fraud, hybrid attacks, and SIM spoofing are different types of attacks that are increasing with every passing day. Omar explains that SIM spoofing is a technique used to defeat multi-factor authentication (MFA). In this type of fraud, attackers redirect the messages or data from your phone's SIM to their own phone, so that the authentication code you are supposed to receive goes directly to them.

    Cryptocurrency and blockchain adoption has exploded. We chat about why there's so much trust around the two technologies and why people are increasingly drawn to them.

    Highlights:

    “What we've seen over the last decade or so is really a convergence between that and cyber threats and cybercrime.”

    “It's interesting that it's really a push-pull effect. The banks, central and insurance and credit unions are moving in this direction, but the cloud providers are finally also waking up to the fact that they have this huge industry out there that really wasn't that excited about their products and services.”

    “And that's the basic technology underlying cryptos. Think of this as a distributed ledger where you don't need an intermediary to provide that trust. And it's really that everybody has access to it, you can see what everyone else is doing. And that's where the trust comes from.”

    “What we have seen from our perspective as an accounting firm, we have a risk practice, we have a consulting practice, we have a fairly large audit practice as well. All these things tying together security can no longer be treated as siloed service or applicant application.”

    “The way we work with our clients is, as we said, we start with really helping them from the advisory perspective, from a consulting perspective in doing risk assessments, understanding where the technology risks lie in helping them put together those in various programs to help build controls mitigate the risk to the extent that they want to and they need to, and then come in as retirement as an audit practice and make sure that, that ethical framework is compliant and effective.”

    Time-Stamps:

    [01:17] - Omar shares his life's story with us
    [03:44] - Omar shares about his time in the finance industry and the convergence of finance and cyber crimes
    [06:43] - What is SIM spoofing?
    [15:15] - What technologies can financial services industries make use of?
    [25:38] - Why technology can no longer be seen as a siloed type of service

    Connect with Omar:

    LinkedIn: https://www.linkedin.com/in/omarrefaqat/
