Cybersecurity Resource Center

“Emerging cyber threats require engagement from the entire American community to create a safer cyber environment—from government and law enforcement to the private sector and, most importantly, members of the public.”

– the Cybersecurity and Infrastructure Security Agency (“CISA”)

There’s no question that the pandemic has increased companies’ vulnerability to cyberattacks. More companies’ employees are working remotely, and thieves are leveraging that change—as well as public fear—to conduct hacking campaigns. Some of the more common attack methods include:

• Ransomware: Ransomware has exploded. While 2020 has been dubbed the year of ransomware, 2021 looks to be even worse. Organizations of every type and every size are being impacted.
• Business email compromises: Email compromises trick employees into making fraudulent business payments, often by compromising the account of and impersonating a colleague or vendor.
• Malicious apps: People working from home tend to jump among personal and company-owned devices. Meanwhile, more and more fraudulent mobile applications are being added to app stores, where they can be downloaded and compromise users’ devices.
• Videoconference bombing: Because employees have been working remotely and have not been able to meet in person, the use of videoconferences has risen significantly. So too has the disruption of videoconferences with pornographic, hateful, or threatening images and content.
• Scams and fraud targeting individuals: The FBI warns of social media messages, emails, and phone calls that seek to scam people for money, or to phish account access, under the guise of purported COVID-19 testing, financial relief efforts, or medical equipment.

Morrison & Foerster is uniquely positioned to provide insight and counsel on the various facets of cyberattack preparedness and response. Our market-leading Global Privacy + Data Security team has decades of collective experience helping clients navigate these and other pressing issues. Visit our new Privacy + Data Security Litigation practice page to learn how our team can help your company with potential litigation arising from a breach.

Webinar

Anatomy of a Ransomware Attack

National and global ransomware cases continue to come to light, allowing us to develop a comprehensive picture of the national and economic security threats we face from ransomware groups.

Client Alert

Another Court Decision Underscores the Importance of Preserving Attorney-Client Privilege and Protecting Work Product for Incident Response Work

The decision from the U.S. District Court for the Middle District of Pennsylvania joined Capital One and Guo Wengui in rejecting a company’s argument that “an investigative report which was created after Defendant was notified of a potential data breach” was protected from disclosure by either the attorney-client privilege or the attorney work product doctrine.

Client Alert

U.S. Congress Introduces Bill that Would Require Mandatory 24 Hour Cyber Breach Notification for Government Agencies, Contractors, and Operators of Critical Infrastructure

The U.S. Congress introduces a new bill in response to incidents like the SolarWinds and Colonial Pipeline hacks, which have put a fresh spotlight on the national security implications of cyber incidents and the need for greater information sharing.

Video

Board Table Top Exercise: A Realistic Ransom-Scenario-Driven Discussion

View the exercise from MoFo’s Privacy and Data Security team, Miriam Wugmeister, Alex Iftimie, Mark David McPherson, Melissa Crespo, Peter Carey, and Mary Race. The panel’s presentation provides a cybersecurity exposure preparedness overview for board members.

Article

Member Spotlight: A conversation with Guillermo Christensen and Alex Iftimie

In this first-of-its-kind Member Spotlight, Christensen and Iftimie spoke with IAPP Staff Writer Joe Duball on all things ransomware, specifically highlighting how personal data can be leveraged and how companies can better equip themselves to face attacks.

Article

Executive Order on Cybersecurity Expands Mandatory Breach Notification and Supply Chain Security Requirements for Government Contractors

MoFo counsel discusses latest EO in response to increased concerns about cyber threats following the SolarWinds, Microsoft Exchange, and Colonial Pipeline incidents.

Client Alert

BIS Releases Interim Final Rule on Export Controls for Cybersecurity Items

The U.S. Department of Commerce’s Bureau of Industry & Security (BIS) published an interim final rule amending the Export Administration Regulations (EAR) and creating new licensing requirements for the export or transfer of cybersecurity items to non‑U.S. persons.

Client Alert

U.S. Government Takes Increasingly Aggressive Actions Targeting Ransomware

The U.S. Government made several significant announcements regarding recent U.S. government actions targeting the ransomware ecosystem.

Client Alert

U.S. Government Responds to SolarWinds Hack, Seeks to Establish New Norms for Cyber Espionage

MoFo partners discuss the US government’s recent changes to its protocols regarding cyber threats in response to the SolarWinds attack.