In-House Attorneys Panic Over Cyberattacks and Damage Control

By Jonathan R. Tung, Esq. on November 02, 2015 | Last updated on March 21, 2019

The Association of Corporate Counsel recently met to discuss pressing in-house counsel concerns and issues. What took center stage? Cybersecurity and damage control.

Threats from cyberhackers has increasingly been the headache of general counsel from companies large and small. And if you think that this party was American invitees only -- think again.

The annual meeting of the Association revealed that companies are biting their nails over cyberattacks how to handle a crisis at their firms. The North Korean attack of Sony was cited as an example of "learn from other's mistakes" and cautioned in-house attorneys to be ready for other similar attacks on law firms. Overall the meeting was a chance for IH across the planet to learn the latest in defense techniques.

Passage of an Obsolete Law

It doesn't look like corporations are going to get any help from the federal government. CISA -- or the Cybersecurity Information Sharing Act -- was passed relatively recently and guess what - it's obsolete. Or rather, it's staying obsolete.

The bill that would eventually become CISA was first proposed a little more than four years ago. And it bounced around in legislative limbo, lurching about on Capitol Hill over minutiae concerning privacy concerns and corporate throttling. But by the time it finally became law, technology had advanced so much that the security protocols envisioned by legislators back then look to be today's equivalent of the 3-number combo lock. It's as if the Code of Hammurabi were signed into law. Ludicrous.

Time to "Feel Good"

Commentators note that the just passed law would have been completely helpless to parry the North Korean cyberhacking of Sony; and it would have been equally useless against the Chinese hack of 5.6 million (repeat that number to yourself) federal employees' fingerprints.

Senator Ron Wyden says it best: "We're talking about feel-good legislation," he told the NY Times. He further went on that other officials dismissed the CISA's efficacy as "so 2009." Well, that's encouraging to say the least.

Unfortunately, however, there unless IH lawyers also have a degree in computer science, there doesn't seem to be much that lawyers can do. Still, that doesn't excuse you from implementing best practices to prevent cybersecurity attacks. Cybersecurity of law firms will be opportunities for whole new levels in information management for IH and their clients.

Related Resources:

Copied to clipboard