

The hacks just keep on coming: How design professionals can respond to cyber incidents

March 28, 2025
By Staci Brinson, Esq.
Risk Management & Education Specialist, AXA XL Design Professional
AXA XL Design Professional’s Speakers Series 2024 concluded in December with a presentation titled, “Emerging cyber threats: what every designer should know,” presented by Gwenn Cujdik, Esq., AXA XL Incident Response and Cyber Services Lead - North America. As a former homicide prosecutor and later a partner at an industry-leading boutique cyber and data privacy law firm, Cujdik brings a unique and experienced perspective to cyber incidents and the losses that accompany them. The session offers a roadmap to help design professionals in the United States and Canada handle different phases of security breaches and mitigate the severity of these incidents, which continue to increase in frequency.
This article outlines some of the program’s main themes; AXA XL North American Design Professional policyholders can view the entire program by logging onto the and entering the title in the search bar.
Emerging trends
Looking at the past year, we saw an increase in highly sophisticated attack schemes, including threat actors looking to monetize cyberattacks and nation-state threat actors unlawfully accessing the assets of businesses and government agencies in search of valuable information. Insider threats, which are on the rise, are the cornerstone of highly sophisticated and targeted attacks. These attacks represent a shift—instead of working in obscurity to weaponize foreign computers, threat actors are now using bold, in-person, on-the-ground tactics to evade a company’s security measures. KnowBe4, a security awareness training provider, regarding North Korean threat actors who infiltrate organizations while disguised as remote IT workers, enabling them to access company networks and data.
One of the more troubling aspects of advanced cyberattack schemes is the use of artificial intelligence deepfakes that enable the bad actors to use modified photos and even participate in video interviews. We’re also seeing an increase in regulator activity with state attorneys general issuing large fines and penalties against companies that fail to comply with state cybersecurity regulations, including mandatory reporting obligations. In light of this increased regulatory scrutiny, the need to conduct thorough and independent investigations into the full nature and scope of an incident becomes even more critical to the incident response. Now more than ever, companies need third-party experts to assist in the incident response.
Responding to a cyber incident
When a cyber incident occurs, it is crucial to be prepared to activate the three primary elements of an effective incident response plan:
Step 1: This is the immediate response once the breach is discovered and the “first responders” arrive on the scene. They work on capturing the scope of the event and containing the damage while preserving the necessary evidence. This is when your firm should notify your insurance broker to engage with your carrier, who will assist by providing real-time feedback and recommendations based on specialized training and expertise, procuring expert third-party services, and organizing resources (both internal and external) to achieve the best possible outcomes.
Step 2: Your firm will use the investigation phase to identify the cause of the breach and learn how to prevent future ones. Each cyber incident is also a learning tool, so it’s important to understand the facts and circumstances of the event. The investigation also serves as the basis for all communications internally and externally; it’s the bedrock of understanding and meeting obligations a company may have to stakeholders including customers, employees, regulators, and, in some instances, law enforcement.
Step 3: Once the facts and circumstances of the event are formally established, it’s time to fulfill your firm’s legal obligations, such as notifying customers and regulators, and responding to their concerns and inquiries.
Engaging external vendors
Outside experts can often make the difference between chaos and control in the aftermath of a cyber incident. For example, cyber incident notification laws vary by state and province and potentially include federal regulations. When a cyber incident occurs, these laws may be the last thing you’re thinking about, so you need experts who can coordinate clear and compliant messaging. This is where your carrier can provide critical support by vetting external resources. Equipped with up-to-date information on cyber trends, they can recommend trusted vendors, like a breach coach, forensic investigators, and data-mining analysts. Threat actors can be very aggressive, so a cyber extortion expert is another vendor who can manage negotiations and ensure that any payment you make is lawful.
Staying ahead of the bad actors
It may be difficult to remain vigilant about cybersecurity threats, but you can create awareness through firm-wide education, training, and discussion about risks and response. Another best practice for reducing the chance of a cyber incident is to procure tools and software to protect your firm’s systems and networks, including:
- Multi-factor authentication (MFA) keys for employee email and remote access;
- Email filtering software;
- Password management tools; and
- Isolated offsite backups of required systems and data.
Because the human element is still the biggest factor in cyberattacks, you may want to view AXA XL’s new Cyber Academy, available to AXA XL policyholders on the . This series of 10 concise video lessons will bring you up to speed on the latest cybercrimes that exploit human inexperience and unawareness to achieve malicious goals.
Takeaways
Knowing that cyber risk shows no sign of slowing down, your firm should maintain robust policies and procedures to respond to an incident. Similarly, having a detailed crisis communication playbook and reviewing it with your carrier and broker can save many big headaches (and expenses) if an event does occur! Be sure to test your response strategies by consulting cyber risk experts who can help you conduct incident simulations and response exercises.
Although envisioning your organization as the victim of a cyberattack is unpleasant at best, having the right proactive tools and a detailed response plan can help you effectively manage this growing risk and create a more resilient firm.
To view the webinar, AXA XL policyholders can log onto the and enter “Emerging cyber threats: what every designer should know,” in the search bar.