Discovery/Disclosure Safe?
Marlon Hylton,
Cassels Brock & Blackwell LLP, Toronto,
Canada
November 2015
The views expressed in the following material are the
What is Cybersecurity?
DEFINITIONS
From a law practice standpoint, “Cybersecurity” is an umbrella term that encompasses multiple
areas of the law, including privacy, insurance, litigation, financial, regulatory, and labour &
employment.
Attorneys (especially those in litigation, property or mergers and acquisitions) process highly
sensitive information—and law firms are notorious for weak security.
• Advanced Persistent Threats (“APT”)
• Cybercriminals, Exploits and Malware
• Denial of Service Attacks (“DDoS”)
• Employee mobility and disgruntled employees
• Corporate impersonation and phishing
• Domain name hijacking
• Inadequate security and systems; third party vendors
• Lost or stolen laptops and mobile devices
Source: Ponemon Institute 2014 Global Report on the Cost of Cyber Crime, published October 2014,
at page 12.
9 | © 2012 Global Association of Risk Professionals. All rights reserved.
The Global State of Information Security Survey 2016
Source: PricewaterhouseCoopers. Jason Green, Best Practices for Data Security and Data
Breach Protocol, ed (2015).
The Accidental Insider
Source: PricewaterhouseCoopers. Jason Green, Best Practices for Data Security and Data
Breach Protocol, ed (2015).
• Loss of “Crown Jewels”, IP and trade secrets
• Compromise of customer information, credit cards and Personally Identifiable Information
• Legal and regulatory issues
• Loss of customer funds and reimbursement of changes
• Application whitelisting
Know where you stand • Assess risk profile
• Identify “Crown Jewels”
• Cyber hygiene
Educate and Train Staff • Develop and disseminate cyber policies
• Refresh training