May 26, 2020

The Verizon 2020 Data Breach Investigations Report ("DBIR") is here.  In this 13th DBIR, Verizon analyzed a record total of 157,525 incidents, of which 32,002 met their quality standards and 3,950 were confirmed data breaches. 

Before we dive into some of the data, here are some helpful definitions:

  • Threat actor: Who is behind the event? This could be the external “bad guy” that launches a phishing campaign or an employee who leaves sensitive documents in their seat-back...

May 8, 2019

The 2019 DBIR is finally here!  Some interesting items at first glance:

– 32% of breaches involved phishing

– 33% included Social attacks

– 43% of breaches involved small business victims

– 34% involved Internal actors

– Figure 21, page 14. In sanctioned phishing exercises, click rates are down to 3% (a good sign, but just one click can be devastating)

– Golf analogy on page 20

The gray box on page 14 (social engineering) is also interesting: "Research points to users being significantly mor...

April 30, 2019

The Sedona Conference Working Group 11 on Data Security and Privacy Liability (WG11) publishes commentary on the application of the attorney-client privilege and work product doctrine protections in the cybersecurity context.

. . .

The Sedona Conference Working Group 11: The Sedona Conference Commentary on Application of Attorney-Client Privilege and Work-Product Protection to Documents and Communications Generated in the Cybersecurity Context, Public Comment Version

#Cyber #Cybersecurity #DataBrea...

August 10, 2018

In the United States, data breaches are at an all-time high.[1]  Thankfully, advances in technology are making it increasingly more difficult for hackers to exfiltrate sensitive data from secure networks.  While technological safeguards provide a necessary element of protection, standing alone, they still remain an incomplete solution.  Companies should also implement robust administrative and physical controls to adequately safeguard valuable data (and corporate reputation).  Regardless, as com...

November 26, 2017

In 2012, Robert Mueller famously professed, “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”[1]  While that statement still rings true five years later, governing bodies are continuing to work diligently to enact laws that place heightened scrutiny on corporate data security measures.[2]  As a result, proactive and reactive data...

October 31, 2017

Massive data breaches are frequently making headlines. It’s a chilling reality: Hackers are stealing personally identifiable information (“PII”) from corporate networks and selling it on the dark web.[1] Hackers may also decide to encrypt corporate files until the company pays a ransom (usually in cryptocurrency).[2] This is as true for the Fortune 500 as it is for smaller businesses.[3] Just recently, around 143 million Americans were affected by the Equifax data breach, which caused many to fr...


About CyberJudicata

Welcome to CyberJudicata, an informational blog/website focusing on cybersecurity and privacy issues, including cyber policy, data breach, incident response, data security, regulatory compliance, and cyber insurance.

CyberJudicata is published by Joshua Duvall, managing partner at Matross Edwards, a law firm providing government contracts and cybersecurity legal services to small and mid-sized businesses.

Contact Matross Edwards

www.MatrossEdwards.com

info@MatrossEdwards.com

202.854.9959


Copyright © 2020 Joshua B. Duvall. All rights reserved.

CyberJudicata™ #cyberjudicata

LegalJudicata™ #legaljudicata

GovConJudicata™ #govconjudicata