starfield and Earth maps from:

What the Recent Cyberattack Means and Ways Businesses Can Protect Themselves

The unprecedented cyberattack on October 21, 2016, which crippled many of the Internet’s most widely trafficked sites, should be a wakeup call for businesses about the potential for hackers to weaponize common Internet-enabled devices and cripple businesses.

What Happened?

The cyberattack was caused in part by malware directed to more than 10 million Internet-connected devices, including DVRs, thermostats and closed-circuit video cameras. It caused a distributed denial-of-service attack (i.e., service interruption) that hit in three waves. Dyn, an Internet services company that directs Internet traffic, reported that the attack hit all of its 18 data centers globally. Early reports show that the disruption may be responsible for up to $110 million in lost revenue and sales. Perhaps most troubling is that the group claiming responsibility said the attack is merely a dry run for much larger attacks.

The Magnitude of Cyberattacks Will Rise as the “Internet of Things” (“IoT”) Continues to Evolve

The IoT is a giant network of Internet-connected “things” that include everything from cellphones, manufacturing equipment, utilities, home appliances (coffee makers, refrigerators, lamps, etc.), cars, wearable devices, technology-enabled clothing and anything else that can be imagined. Cisco states that 15 billion IoT devices are in use today, and there will be 50 billion IoT devices by 2020. Never before have so many Internet-enabled devices been in our homes and workplaces, and in the coming years, it will change the way we do business and engage in everyday activities.

Security analysts report that many of these devices do not have appropriate security features, making them a prime target for hackers. Unlike well-established computer servers and smartphones with robust security features, many of the new devices—which are often designed for a specific purpose, at a lower price point, and with a limited product life—have not been fully vetted and their makers may not always engage in rigorous security testing.

Steps Businesses Should Consider to Protect Against the Inevitable Breach

Cybersecurity is now a business necessity because breaches are anticipated to multiply exponentially as more IoT devices make their way into homes and businesses. With the increasing number of devices being connected daily, businesses can no longer delay in preparing for the inevitable breach.

Below are steps that you should consider for your business to ensure you are ready when on the receiving end of a cyberattack:

  • Ensure security gaps are identified and remedied but also ensure that outside legal counsel engages technology consultants on your behalf and that legal counsel works directly with consultants. Doing so may enable businesses to assert attorney-client privilege over the results of technology audits and investigations;
  • Review and update your security program and policies to ensure they are comprehensive and up-to-date;
  • Develop a bring your own device (“BYOD”) policy to address the types of devices employees may connect to your computer systems;
  • Update privacy policies to ensure they are accurate and appropriately convey the business’ collection, maintenance, use and security of consumers’ and employees’ personally identifiable information;
  • Conduct cybersecurity and privacy training for employees. Many breaches are a result of an employee’s mistake or negligence, and policies and procedures are not effective if not known and practiced by the entire workforce;
  • Develop an incident response plan that outlines in detail your business’ response to a cyberthreat to ensure you are prepared to act promptly;
  • Run a mock data breach exercise to practice implementing your incident response;
  • Review and update contracts with third-party vendors to confirm that they are engaging in appropriate security measures to protect your key data assets and to update limitation of liability and indemnity clauses for cybersecurity events; and
  • Review relevant insurance policies and determine what your insurance covers and to what extent. Insurance coverage for cyberattacks and data breaches varies widely from policy to policy, so simply confirming that you have “cyberinsurance” may leave you exposed.

Technology is advancing rapidly, and businesses no longer have the luxury to address cybersecurity at their convenience or engage in limited security initiatives. Taking these proactive steps may help businesses be prepared when the “big one” hits.

For Further Information

If you have any questions about this Alert, please contact Sandra A. Jeskie, any of the attorneys in the Information Technologies and Telecom Practice Group, any of the attorneys in the Cybersecurity Response Team or the attorney in the firm with whom you are regularly in contact.

Politics and Elections in the Era of Cyberwarfare

Unless you are a hermit hiding out in an undiscovered cave, you are well aware that we have been in the thick of an acrimonious and difficult election cycle for the highest office in the land — the Presidency of the United States. Presidential campaigns and campaigns for other elected offices have been a struggle in prior years — given all the competing interests, priorities and strategies that constantly have to be juggled. If that were not enough, now candidates have to deal with the new reality of cyber warfare.

We have been learning from recent press reports that Russia apparently has been active in its efforts to disrupt the current presidential election in the United States. Indeed, according to a recent report by NBC News, Russia’s “cyber-espionage campaign against the American political system began more than a year ago and has been far more extensive than publicly disclosed, targeting hundreds of key people.” Continue reading Politics and Elections in the Era of Cyberwarfare

Are Election Systems Vulnerable to Upcoming Hacks?

One presidential candidate with the initials DT has claimed generally that “the system is rigged” and he has speculated in advance as to whether the election also might be rigged against him. At the first presidential debate, he did say that he would abide by the election result if the candidate with the initials HRC won the election.

But what does it mean to “win”? If the election result is a close one, and if she apparently tallies sufficient popular and electoral college votes to put her over the top, would he concede her victory if there are suggestions of hacking of voting systems? This question is posed because a recent Associated Press article asserts that hackers recently have targeted registration systems in greater than 20 states and cites a Homeland Security Department official for support for this assertion.

Continue reading Are Election Systems Vulnerable to Upcoming Hacks?

The Internet – Latest Addiction

We routinely hear about all sorts of addictions relating to drugs, alcohol, food, and even sex. But what about internet addiction? Is it real, and is it a problem? The answer to both, unfortunately, is yes.

According to a study led by Michael Van Ameringen at the McMaster University in Canada, heavy internet use can exacerbate various mental health conditions, including depression and anxiety, especially among college-aged students. The results of the study recently were presented at the European College of Neuropharmacology conference in Vienna.  Continue reading The Internet – Latest Addiction

The Eighth Circuit Gives Defendants New Ammunition Against Data Breach/Misuse Cases

Since the Supreme Court’s decision in Spokeo v. Robins, courts have begun to ratchet back prior decisions on the minimum standard to plead an injury sufficient to establish Article III standing. The recent Eighth Circuit opinion in Braitberg v. Charter Communications adds to the growing number of cases defendants will rely upon to get data breach cases dismissed at the pleadings stage. Braitberg addressed standing in the context of the retention, use, and protection of personally identifiable information. Although the case did not involve a data breach, its holding is however instructive when defending against such cases.

In Braitberg, plaintiff alleged that he was required to provide personally identifiable information to purchase cable services and that the cable provider improperly retained his information long after he cancelled the services in violation of the Cable Communications Policy Act (“CCPA”).

Prior to Spokeo, such claims would have been sufficient to establish Article III standing because the Eighth Circuit permitted the actual injury requirement to be satisfied solely by pleading that there was an invasion of a legal right that Congress created. The Supreme Court in Spokeo held that Article III standing requires a “concrete injury” even in the context of a statutory violation.

With the benefit of Spokeo’s guidance, the Eighth Circuit acknowledged that Spokeo superseded its prior precedent. Accordingly, the panel affirmed the district court’s dismissal of the complaint for lack of Article III standing and failure to state a claim. In doing so, the panel rejected arguments that CCPA created standing to sue where the defendant merely retained the data in violation of the statute with no other injury. It further rejected an economic argument that retention of the data deprived plaintiff of the full value of the services received from the company.

This decision is important for two reasons. First, the Eighth Circuit further narrowed the scope of allegations that will give rise to Article III standing in a post-Spokeo world. Second, in denying the economic argument, the court cut off an alternative avenue by which plaintiffs have successfully alleged harm.

The Different Layers of the Internet

Most of us regularly use the surface level of the internet. But there are other deeper and darker levels. So, let’s briefly explore three levels of the internet.

First, there is the “surface web.” As you read this blog, you are operating on the surface web. When you access your email, when you tweet on Twitter, when you conduct Google searches, when you listen to Pandora, when you watch YouTube videos, when you buy and sell things on eBay, and when you shop on Amazon, you are utilizing the surface web.

This part of the internet probably is the most familiar to you, so you might think that it comprises the vast majority of the internet. Wrong! According to a recent blog by Vinay Kumar, the surface web comprises only 4 percent of the internet. Continue reading The Different Layers of the Internet

Got Drone? New FAA Regulations: To Infinity and Beyond!

Drones are coming down in price, and they no longer are confined for deployment by military officials and high-level business moguls. So, can you just go out and buy and use a drone, completely unfettered? Sorry, no. Not under new FAA rules. But where there is a will, there is a way.

If you have a business purpose for your drone, you could be fined for using your drone without obtaining FAA approval. However, beginning last week, you can apply for a license by taking a multiple choice exam and by paying a modest fee. Continue reading Got Drone? New FAA Regulations: To Infinity and Beyond!

How to Improve Your Computer Experience

It probably is fair to say that most of us are glued to our computers for a large part of each and every day. Accordingly, how can we improve our computer experience? A good start is to follow eight fairly simple tips, among a variety of other tips that also could be considered.

First, make sure periodically to restart your computer. A restart can cure computer sluggishness. We all have a need for speed, so reboot!

The second tip is not use your keyboard as a plate. You accidentally could spill something that could destroy your computer. Also, computer keyboards host all sorts of bacteria and thus are not sanitary. So, don’t compute where you eat! Continue reading How to Improve Your Computer Experience

Is Your Business Prepared for a Ransomware Attack?

Ransomware attacks are on the rise and expected to reach epidemic proportions. The most publicized attack took place this year at the Hollywood Presbyterian Medical Center when it was forced to declare an “internal emergency” after a ransomware attack locked down its systems. Businesses that are viewed as offering a combination of valuable data and weak security may be seen as attractive to attackers. Some attackers have strictly financial motivations while others may simply be in it for “the data.”

According to Cisco’s Midyear Cybersecurity Report, email and malicious advertising are the primary ways ransomware infiltrates a system. Businesses often pay the ransom but even when paid, files may be lost or altered in ways that could be devastating to the business.

Cisco reports that companies entering into M&A deals often do not conduct enough due diligence on the risk posture of the acquired business and realize their shortcomings after the deal is done, when it is too late to remediate problems or when it’s harder to do so because the networks are intertwined.

What can you do? Robust security is clearly the first step to prevent attacks and that begins with the creation of a comprehensive privacy and security roadmap that addresses high risk areas, compliance gaps and specific tactics for incident preparedness. It is important to involve experienced counsel at the outset to not only advise on the array of federal and state privacy and cybersecurity laws and help develop the policy but also to direct any security investigation so that consultants can report potential vulnerabilities to outside counsel to protect potentially negative findings from discovery in future litigation.

On September 7th, the Federal Trade Commission will begin its series of seminars on new and emerging technologies with a workshop on ransomware.

The Ultimate Impact of Sex Robots

Technology continues to advance to help humans in so many countless ways. And now we are getting to the point that we are not simply dealing with cold machines, but we are dealing with features and contraptions that are becoming quite human.

For example, we can talk to Siri on our Apple devices, and a human voice, programed to our liking by gender and accent, will talk back to us. And when we call all sorts of businesses, we are guided through various prompts by a human voice that is powered by voice activation software. Who knows, is it possible that some people can become smitten by these voices, like the protagonist in the movie “Her”?  Continue reading The Ultimate Impact of Sex Robots