PH Privacy
The Changing Cyber Threat Landscape and Lessons Learned From Data Breaches
June 30, 2025
By Brianne B. Powers
Last month, Paul Hastings sponsored the Cybersecurity Law Workshop at the Spring Privacy & Security Forum held at George Washington University in Washington, D.C. The Cybersecurity Law Workshop featured three panels of experts from both the public and private sectors who offered insight into the various cybersecurity issues companies face on a day-to-day basis.
The third panel, “Cyber Threat Landscape: Lessons From the Latest Data Breaches,” was moderated by Michelle Reed, partner at Paul Hastings, and featured panelists Carlos Pelayo, executive VP and chief legal officer at the Mr. Cooper Group, and James Perry, global vice president of digital forensics and incident response at CrowdStrike.
The discussion focused on the ever-changing cybersecurity threat landscape and ways for companies to enhance their current incident response and recovery processes.
The Profile of the Threat Actor is Changing
The panelists spoke about the new cybersecurity threat actors. Whereas threat actors previously approached their attacks in a targeted and highly organized manner, they now operate in a more dispersed structure, focusing on a few high-profile, individualized attacks: instead of attacking 100 computers at one company, the target is now one computer at 100 different companies. The threat actors focus on the quality of the data they are able to exfiltrate and not necessarily the quantity of data. From impersonating help desk support to applying for and successfully obtaining a remote developer job and having company equipment sent to a “laptop farm” to collect data, the threat actors are continuously finding vulnerabilities within normal company systems and processes.
Incident Response and Recovery Must Be Practiced
In response to the changing threat actors, the panelists emphasized the heightened need for companies to train individuals on their incident response processes and to test both the response and recovery processes as a regular part of a company’s cybersecurity safeguards. In partnership with legal counsel and incident response service providers, the company should have the goal of ensuring that individuals understand their responsibilities within the incident response and recovery process, know the roles and responsibilities of the others on the incident response team and feel empowered by leadership to make critical decisions when needed. Testing of incident response processes should also include review of security tools to ensure they have been customized appropriately to the company, as well as a review of the data governance structure to ensure it is not overly burdensome or rigid and allows for uncertainty.
Vigilance Across the Company is Necessary
Finally, the panelists stressed the importance of individual employees remaining vigilant against cybersecurity threat actors. Employees should be skeptical of unsolicited emails and phone calls and should know where to go and how to report suspicious activities. Companies should be aware of the software and devices used by employees and ensure that patches are properly deployed in a timely manner, especially for edge and/or end-of-life devices. Ultimately, the goal should be to make it difficult and time-consuming for the threat actor to breach company systems.
Our Privacy and Cybersecurity practice regularly advises companies on key cybersecurity best practices and conducts incident response trainings and exercises. If you have any questions concerning these issues or any other data privacy or cybersecurity developments, please do not hesitate to contact any member of our team.