Latest Articles

In BakerHostetler’s 2017 Data Security Incident Response Report, we analyzed 104 network intrusion attacks that we helped our clients respond to last year. Such incidents typically occur when criminals find a weakness in a company’s internet-facing network, penetrate the network, conduct reconnaissance to find valuable data and export the data before they can be detected and stopped. Our clients were required to notify potentially affected customers or patients in 62 percent of the network…
Banks’ boards of directors must, among other things, understand the risks associated with existing and planned IT operations, monitor risk management, and work with senior bank managers on strategic technology planning. See the Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook InfoBase. Recent changes in the types of attacks perpetrated by cyber criminal groups and attackers’ increased skill levels have changed how board members should approach these cybersecurity responsibilities. The number of ransomware attacks…
On Jan. 10, 2017, a bipartisan group of five Republican and five Democratic senators announced their support for the Countering Russian Hostilities Act of 2017. Lindsey Graham, one of the senators who announced the proposed legislation, told The Wall Street Journal that he is confident the bill will get overwhelming support.[1] One reporter agreed, stating the bill “has a good chance of being passed in the Senate.”[2] Title I of the Countering Russian Hostilities…
On Oct. 21, 2016, an extremely large distributed denial-of-service (DDoS) attack on Dyn prevented many internet users on the East Coast of the U.S. from accessing websites such as Netflix, PayPal, Spotify and Twitter for several hours. Dyn provides domain name system (DNS) services to other businesses. DNS services resolve web addresses into IP addresses, which is necessary for users’ web browsers to connect with web providers’ servers. The DDoS attack on Dyn was reportedly
When Louis A. Aguilar was a commissioner at the Securities and Exchange Commission, he helped organize the SEC’s March 2014 roundtable to discuss the cyber risks facing public companies. The numerous data breaches that have occurred at public companies, from Target to Yahoo and many more, show that public companies have not yet succeeded in managing cyber risks. On Sept. 22, 2016, Mr. Aguilar presented his current views in a talk titled “The Role of…
In February 2016, attackers stole $81 million from the Bangladesh central bank’s account at the New York Federal Reserve Bank by hacking into the Bangladesh bank’s computer network and sending fraudulent messages through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) payment network. In January 2015, attackers netted $9 million in funds from an Ecuadorian bank through fraudulent SWIFT messages. Information about the attacks and documents from a lawsuit related to the theft from the…
In 31 percent of the data security incidents that BakerHostetler’s Privacy and Data Protection Practice Team helped clients address in 2015, attackers used phishing, hacking and malware to access client data. 2016 Data Security Incident Response Report, 3. Chinese state-supported attackers have long targeted the intellectual property of U.S. businesses. As we discussed in an earlier blog post, U.S. government officials asserted that Chinese attack groups broadened their targets in 2015 to…
The Commodity Futures Trading Commission (CFTC) offered several reasons for proposing five new cybersecurity testing requirements for the commodity trading platforms it regulates in its December 23, 2015, Notice of Proposed Rulemaking: More than half of the securities exchanges surveyed in 2013 reported that they had been the victim of cyberattacks. 80 Fed Reg. at 80140. Attacks increasingly seek to disrupt financial systems rather than just steal data. Id. Survey respondents reported 42.8 million…
Threat intelligence services provide information about the identities, motivations, characteristics, and methods of attackers. See Rob McMillan, Khushbu Pratap, “Market Guide for Security Threat Intelligence Services,” 3, Gartner (October 14, 2014). “Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.” Rob McMillan, “Definition: Threat…
U.S. officials have blamed Chinese government-backed attackers for many of the recent cyber attacks on U.S. government and business computer networks: “Researchers and government officials have determined that the Chinese group that attacked the office [of Personnel Management] was probably the same one that seized millions of records held by the health care firms Anthem and Premera.” U.S. Was Warned of System Open to Cyberattacks (The New York Times, June 5, 2015). According to a