Navigating Cyberattacks: Q&A with a Cyber Breach Coach
Coughlin joined Joan Woodward from the Travelers Institute, Ernesto Ballesteros from CISA and Rehman Khan from Travelers in San Antonio.
With increasingly sophisticated cyber threats, organizations are finding themselves in the crosshairs of malicious attacks from bad actors. To underscore the critical importance of proactive cyber readiness, the Travelers Institute® hosts a series of live, in-person educational symposia as part of our Cyber: Prepare, Prevent, Mitigate, Restore® initiative.
Government and industry leaders, including Mullen Coughlin LLC, an international law firm specializing in data privacy and cyber incident response, join Travelers cyber experts to educate attendees on the evolving threat landscape and offer insights and strategies to help organizations prepare for and effectively manage cyber incidents.
We turned to Jennifer Coughlin, Founding Partner and Managing Member at Mullen Coughlin, to further understand the challenges and nuances of cyber incident response and the role of a cyber breach coach.
Can you tell us about your firm and its specialized focus on data privacy and cybersecurity?
Jennifer Coughlin: At Mullen Coughlin, we have over 130 attorneys and experience in handling tens of thousands of cybersecurity events. Our attorneys specialize in proactive data privacy and cybersecurity advisory compliance, reactive cybersecurity incident response and regulatory investigation and litigation defense. We rely on our unparalleled experience to counsel organizations through a cybersecurity event impacting the security of their systems and data.
In addition to helping organizations navigate the investigation and response to cyber events, we recognize the need for awareness around strong defensive measures and strategies for incident response before a cybersecurity event occurs. One of the ways we do this is by partnering with the Travelers Institute to help educate organizations on how they can increase or boost their cyber readiness.
What is the role of a cyber breach coach in incident response?
JC: We leverage our vast experience and global partnerships to get our clients through the investigation and mitigation process as quickly and efficiently as possible in the most cost-effective manner. As cyber breach counsel, we bring in the necessary supports like forensic investigators, law enforcement, public relations and more. We rely on these partners to understand the nature and scope of the incident, whether it’s ongoing and what information may be at risk, so that we can provide counsel to organizations on legal, regulatory, contractual or other obligations they may have as a result of the incident.
Can you describe a typical first call from an organization that has experienced a cyberattack?
JC: Not all businesses know what to do when they discover a cybersecurity event impacting the security of their systems and data. We encourage organizations to contact us even if they aren’t sure an event has occurred. We always start by triaging the situation with the organization to find out what they’re experiencing and what they know so far. The sooner we can get involved, the earlier we’ll be able to determine whether an incident requires involvement of other parties, such as law enforcement and a forensic investigation firm, for investigation and response.
How long does it usually take to resolve a cyber incident?
JC: With some cyber incidents, there are standard containment steps an organization can quickly take; however, there is no one-size-fits-all incident response, and therefore no one-size-fits-all resolution timeline. Our goal is to help organizations navigate the investigation as quickly as possible, but depending on the type of incident, the timeline for full containment and eradication can vary.
Containment is only one part of the incident response effort. Depending upon the event, the impacted organization and the data at risk, there may be additional time needed to provide required notifications to individuals, regulators, consumer reporting agencies and others. An organization may also find itself in the midst of a regulatory investigation or litigation relating to the event, which can take time to resolve, too.
How does your team of cyber breach coaches stay up to date on the latest in cybersecurity and data breach prevention?
JC: The legal and regulatory landscape is constantly evolving. To remain the thought leader in this space, we are not only monitoring pending legislation, reviewing governmental guidance and familiarizing ourselves with the law, we are also leveraging our experience in handling tens of thousands of cybersecurity events to counsel organizations. Additionally, we have strong relationships with state, federal and international law enforcement that help us remain knowledgeable about cybercrime tactics and the investigatory supports available from the U.S. government.
What trends have you observed in cybercrime in recent years?
JC: In the past, ransomware has been the top cyber threat to organizations. While ransomware should remain as a top concern, we’ve seen an evolution in attack tactics utilized by cybercriminals. We’re seeing more and more ransomware threat actors forgo encryption of information systems as part of the attack. Instead, they may focus on exfiltrating sensitive data from an organization’s systems and extorting the organization for payment to prevent the release or publishing of that data. Over the past 24 months, we’ve observed business email compromise – frequently with a wire fraud component – taking the top spot.
Additionally, since 2020, it has become apparent that many organizations rely on vendors for the security of their systems or the secure storage and use of their data. We’ve all seen how when a vendor has a cyber event, this can simultaneously impact thousands of organizations. Those organizations, however, still own the data and are responsible for notifying their customers of a breach in the vendor’s systems, or ensuring that notifications provided by the vendor on their behalf satisfy legal notification obligations arising from the incident.
How can organizations improve their strategies for cyber readiness?
JC: As part of the Travelers Institute cyber symposia, we discuss five cybersecurity readiness practices. Performing regular system updates and using multifactor authentication (MFA) as well as endpoint detection and response (EDR) can help prevent evolving cyber threats. Having reliable backups and an incident response plan (IRP) in place could help organizations get up and running more quickly after a cyberattack.
We also recommend developing and enforcing a vendor management program that ensures strict scrutiny around your vendors’ cybersecurity strength level. Organizations should be aware of their vendors’ data use and retention policies and require immediate notification of an event potentially impacting the security of the organization’s systems.
To learn more from Mullen Coughlin, and get critical information about cyber threats and tips to help strengthen your organization’s cyber resilience, find a Cyber: Prepare, Prevent, Mitigate, Restore event near you.