October Cyber update from the Office of Rob Kleeger

Oct 14, 2022 7:17 pm



I hope this email finds you and your loved ones safe, secure, and healthy.


Here we go - the final end-of-year stretch. Thankfully, the students are back to school, it is time to enjoy the cool fall mornings and evenings by the fire pit, and the lawns are green again.


Like many of you, I have gotten comfortable with the life balance the pandemic brought. That said, I want to begin my goal of getting back in front of my past referral relationships, educational lunch and learns, and connecting good people with good people in general...


Please reach out to schedule a breakfast, lunch, drink, and/or dinner meeting if you are in NJ.


All the best,

Rob Kleeger

1010101001010111010101100010100101010010101

Words of Wisdom:

“People calculate too much and think too little.” ― Charles T. Munger

CURRENT DATA SECURITY NEWS:

Microsoft Warns of New Zero-Day; No Fix Yet for Exploited Exchange Server Flaws

Microsoft released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month's Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month.


Student Loan Servicer Nelnet Faces Class Action Over Data Breach

In less time than it took for the client notification to take place, plaintiffs' lawyers filed a putative class action against Nebraska-based student loan servicer Nelnet Servicing, LLC over an apparent data breach. The complaint was filed by named plaintiffs who were among the 2.5 million account holders whose personal data were allegedly affected by the Nelnet incident. In short, Plaintiffs’ legal claims fall under theories of negligence, breach of implied contract, unjust enrichment, breach of confidence, invasion of privacy, violations of various state consumer-protection and data-protection statutes, and injunctive relief.


Are you annually and independently reviewing how your people are doing overall on cyber security hygiene?

If you happen to be a person whom this causes concern about your PII, or you know someone who owns/operates or is a decision maker at their company or organization... I am offering a 30 min discussion that may benefit you greatly and may provide you with the information to make an informed decision.


1010101001010111010101100010100101010010101


CURRENT LEGAL CASE UPDATES:

Uber's Former Security Chief Convicted of 2016 Data Breach Cover-Up

Uber's former chief security officer was convicted of federal charges for illegally covering up the theft of Uber drivers' and customers' personal information in 2016. Joe Sullivan was originally charged in 2020 with obstruction of justice and misprision. He was convicted on both counts on October 5, 2022.


This comes five years after Uber CEO Dara Khosrowshahi issued a statement acknowledging that in late 2016, hackers had broken into the ride-hailing giant's infrastructure and stolen 57 million customer and driver records. Sullivan was fired at the time as a result.


Sullivan's conviction comes weeks after Uber was compromised again. This time, the tech giant blamed the Lapsus$ group for the breach.


Busey Bank v. Michael G. Turnery, et al.

Some lawyers and companies would think that if an employer presents specific evidence that former employees emailed, printed, or took copies of customer lists, that evidence is enough to establish that those former employees misappropriated trade secrets for purposes of defeating summary judgment. However, Judge Sara Ellis of the U.S. District Court for the Northern District of Illinois concluded that it was not enough, since “mere possession of trade secrets does not suffice to plausibly allege disclosure or use of those trade secrets, even when considered in conjunction with solicitations of former clients.” A link to the opinion can be found here.


J.D., et al. v. Price, et al., 2022 U.S. Dist. LEXIS 137916 (W.D. Pa. 8/3/22)


The U.S. District Court for the Western District of Pennsylvania recently denied a motion in limine seeking to permit live testimony by video at a jury trial. FRCP 43(a) provides that “[f]or good cause in compelling circumstances and with appropriate safeguards, the court may permit testimony in open court by contemporaneous transmission from a different location.” (emphasis added).


The court noted that in-person proceedings are strongly favored because, inter alia, live testimony enhances the fact finder’s ability to assess the credibility of witnesses. The court explained its view that “[t]he world, the country, and the Court are not in the same position as in early 2020 when video technology first came into use in response to the pandemic. [m]uch, if not most, of society has returned to normal, reconciling itself to the fact that the novel coronavirus has become one of the many viruses that circulate in endemic cycles and [t]here is no reason to presume that court proceedings are more hazardous than the rest of our re-opened society.”


This is one of many cases indicating that, with the circumstances of the Covid-19 pandemic changing and courts relaxing their Covid-19 precautions, courts may be less willing to allow live testimony by Zoom or similar technology at trials and other evidentiary proceedings.

1010101001010111010101100010100101010010101


CYBER SECURITY TIPS OF THE MONTH: 

October has only one spooky day...Halloween.


Did you know that since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month? That's a whole month to scare you, if you don't pay attention!


Being in the business of reactive and proactive data forensics and data security for over 2 decades, every day is scary...which is how we differ from most firms selling cyber security (whatever that means)!


My Suggested Tips Always:

  • Build a Strong Cyber Security Culture
  • Develop a "reasonable and defensible" InfoSec Program which may need to meet regulatory or compliance standards
  • Always know the risk method to make informed business decisions
  • Implement the "minimum" cyber hygiene:
      + Strong Passphrases
      + Multi-Factor Authentication
      + Encryption (at rest/in transit)
      + Confirm and Verify your People, Process, & Technology adhere to the correct Risk Profile, Identify Overall Gaps, Reprioritize and Remediate - REPEAT ANNUALLY!
  • Budget More every year until you hit the above standards
  • Prepare for the worst AND Hope for the best


DISCLAIMER: Hope is NOT a Strategy!


1010101001010111010101100010100101010010101


Did you know that Digital4nx Group was recognized by Enterprise Security as one of the Top Ten Digital Forensic Services companies in 2022?


"Being acknowledged as a leader in the industry is a great honor. In addition to the award, Enterprise Security featured Digital4nx Group and me in an article in their publication in print and online." - Rob Kleeger (Managing Director)



If you are an attorney who litigates, know one, or are a responsible business executive whose ass is on the line if a data breach occurs, I would love an exploratory call or introduction!

Please share the above information with those people or arrange an introduction. Look forward to seeing you in the flesh!

DON'T FORGET ABOUT US:

Digital4nx Group provides a blend of legal and technology services where we systematically identify, preserve, extract, analyze, and interpret digital evidence.


Our services are commonly used to:

  • React and respond by providing litigation support services for plaintiffs or defendants, as well as providing expert testimony and consulting, both in and out of court.
  • Proactively identify and provide insights on how to better secure your confidential data, technology, and compliance.


Cyber Security Services

Cyber incidents can be damaging to an organization, both in the short and long term. Digital4nx Group helps business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective services... Before, During, and After a Data Incident! We offer a multi-disciplined approach to cyber services such as:


 
