Cybersecurity Event with Natasha Kohne Featured in The Oath
Natasha Kohne, co-head of Akin Gump’s cybersecurity, privacy and data protection practice and co-head of the firm’s Middle East practice, was featured in “Blurring the Lines,” an article in The Oath based on a recent discussion organized by the publication and Akin Gump on the topic of “Cyber Security & the GC.”
The article notes that Kohne began the discussion with some observations on current developments in cybersecurity and data protection. “Even though we have seen more awareness of security among organizations,” she said, “attackers have become more sophisticated and some company practices are not effective enough to withstand such breaches.”
Kohne highlighted some recent examples of cybersecurity events that demonstrate the speed at which the industry is moving. They included the battle between Apple and the U.S. Department of Justice over whether the company would develop software to unlock the iPhone used by the San Bernardino, Calif., mass shooter; the EU General Protection Regulation, considered one of the most significant updates to the EU privacy law in the past two decades; safe harbor, a self-regulatory framework for companies to register with the U.S. Commerce Department and certify that their data protection practices were adequate; and the Bangladesh Central Bank cyberattack, in which attackers used malware to get into the system and watch how the central bank withdrew funds from its U.S. account.
Regarding how companies are to decide what level of security they need, Kohne mentioned the internationally accepted National Institute of Standards and Technology framework, which she said “presents key cybersecurity outcomes identified by industry as helpful in managing cybersecurity risk.” She added that California has “one of the most cutting edge privacy and security regimes.”
Kohne told the audience that any data breach should involve a company’s in-house legal staff as well as its IT department. She said, “Lawyers play an important role not just in mitigating a cyberbreach but also once a breach occurs. Once a breach has happened, you should focus on containing, mitigating and remediating the attack as much as possible.” It is also important, she said, to have an Incident Response Plan, which she stressed should be tested regularly through mock breaches.
Kohne recommended that any compliance framework include a method for dealing with employee-related breaches, and she underscored the importance of due diligence of vendors and ensuring effective monitoring and auditing of them.
Kohne concluded by explaining the importance of IT and legal departments working together to mitigate the risks of a future data breach. “Being trained on IT terms can help a lawyer to come up to speed on the IT framework of the company. Lawyers are trained specifically to analyze and distill complicated information – use this skill and legal knowledge to create a comprehensive cybersecurity program for your organization along with the IT department. It is important to have this two-way conversation,” she recommended. “How quickly you respond and remediate can be the difference between a minor breach and a major disaster.”