In The Press
The Other Cyberthreat: Business Email Compromise Schemes
By now, it has become clear that virtually any type of organization could be the target of a large-scale computer-based data breach incident, from multinational corporations to local school systems. Indeed, many cybersecurity professionals accept the notion that, for nearly any entity, the question is when, not if, it will experience such an incident. Further, the consequences of these incidents can be significant, often triggering internal investigations, regulatory scrutiny, class action lawsuits, congressional inquiries, reputational harm, the departures of key executives, adverse media coverage, and, in at least one recent example, a $100,000 ransom payment.
Each public revelation of such a breach — most of which involve hackers accessing or acquiring large quantities of personally identifiable information (PII) — generates front-page newspaper headlines, armchair quarterbacking by cybersecurity professionals, and the inevitable comparisons to other big data breaches to assess and rank its relative size and scope. And like a mini-mite soccer game, in which the players swarm to the ball like moths drawn to a light, the media, lawyers, regulators, companies and cybersecurity professionals obsess over each new incident, trying to assess how the intrusion might have been prevented.
Start date: December 21, 2017
Location: Law 360