Heading 1

You can edit text on your website by double clicking on a text box on your website. Alternatively, when you select a text box a settings menu will appear. Selecting 'Edit Text' from this menu will also allow you to edit the text within this text box. Remember to keep your wording friendly, approachable and easy to understand as if you were talking to your customer

TAG Cyber Law Journal

January 2020
There may be no way that companies can prevent them, but lawyers can use the occasion to beef up security.    
Featured on the webcast (clockwise from top left): Chris Colvin, founder of In The House; Prudential’s Erez Liebermann; David Hechler
By David Hechler
WE RAN AN INTERVIEW WITH EREZ LIEBERMANN back in November. I thought it was one of our strongest articles. Liebermann had worked for nearly a decade at the U.S. Attorney’s Office in New Jersey, where he oversaw the cyber section, and he now leads the cybersecurity and privacy program at Prudential Financial. He had a lot to say about, among many other topics, how the public and private sectors can work together on cybersecurity. And how he tries to ensure that his company is safe.
     We knew that the interview would go well because we’d worked with him on a webinar for the ACC Foundation’s Cybersecurity Summit last year. But we had no idea when we scheduled another talk with him for January 9, that it would happen to fall just six days after Maj. Gen. Qassim Suleimani, the second most powerful man in Iran, was killed by a U.S. drone.
     Iran had countered by firing a barrage of missiles at U.S. troops stationed at an air base in Iraq on January 8. And there had already been a great deal of speculation that Iran would likely launch cyberattacks at a variety of targets, including U.S. companies. So we seized the opportunity to ask Liebermann how companies should prepare.
     He joined me on a webcast on cybersecurity and privacy that I co-host with Chris Colvin, founder of a membership organization for corporate lawyers called In The House. I asked Liebermann what they do at Prudential when there’s an emerging crisis like the one that’s been brewing with Iran.
     “If you look at any crisis—putting aside Iran—when there’s a heightened risk or threat, you’re going to act,” he said. You may need extra resources, like extra hard drives and backups. If there’s an imminent threat in the next few weeks, he continued, then you might say to yourself, “Those things on my checklist that I was going to do, did I do them? Did I line up an outside counsel who specializes in cybersecurity? Do I have a forensics consultant ready to help me? What if I have a major breach? I’ve been saying for years that I’m going to have this great company do all of my outreach and notifications. Did I line them up?”
     Liebermann paused and smiled before he added, “Now I’m happy to say that my answer to all of those questions is yes.”  Other participants on the webcast smiled too, but they looked less confident than Liebermann when they did. 
     Chris Colvin asked Liebermann if any organizations aggregate information for legal departments “to make sure that they’re up to date on best practices.”
     “I don’t have a one-stop shop that I go to,” Liebermann replied. “I visit a number of places.” The U.S. Department of Justice has published reports about incident response planning and cooperating with the government, he noted. The URL cybercrime.gov accesses DOJ’s Computer Crime and Intellectual Property Section, which Liebermann recommended.
     He also praised the NIST Framework. “It’s somewhat technical, but I do think it’s readable,” he said. In his own industry, the Financial Services Sector Coordinating Council (FSSCC) put together what’s called the Financial Services Sector Cybersecurity Profile, “which helps to map the NIST Framework and the regulatory requirements against each other.” 
     “It’s an amazing resource for technical, risk, law and compliance people alike,” he added. “I highly recommend it.”
     Before our webcast pivoted to another topic, Liebermann returned to the idea that a crisis often presents lawyers with an opening. “Let’s suppose, hypothetically, that in some companies you get resistance” to requests for more resources. “And I know that can be true,” he said. “This is an opportunity to say, ‘It’s time to lift that resistance. We have a real threat.’ ”
     And that could make all the difference. “It could be an opportunity that helps lawyers who might have been stuck,” he said. “It’s hard to believe, in this day and age, that cybersecurity wouldn’t get attention” without a crisis. “But I know that sometimes there are competing priorities. This could be a call to arms.”