David Turetsky Interviewed by MCC on Cybersecurity Challenges, Practices
The Metropolitan Corporate Counsel has published “Insider’s View on Cybersecurity in the TMT Sector,” an interview with Akin Gump public law and policy partner David Turetsky on cybersecurity challenges and practices facing business and government.
Among the topics covered in the interview:
- Public/private opportunities in cybersecurity: It’s clear that government is not anywhere close to 100 percent effective in securing even its own information. It’s also clear that the vast majority of the critical infrastructure in our country is owned and controlled by the private sector, not by the government. So, the private sector needs to play a leading role in providing cybersecurity because it owns the assets that are at risk, and the government doesn't have all the answers.
- Best practices for business: One important thing a company can do is training. Some don’t do that. Nothing will necessarily keep a determined and capable hacker out, but companies should make it hard. Companies can also consider addressing cybersecurity in their supply chain contracts and insurance policies and should prepare and drill a plan and a response team, among several other steps. This issue can go right to a business’s reputation and success.
- Beating hackers: Nowadays it's understood that some hackers will likely succeed in getting into a company's systems. We currently see efforts to segment systems so that getting into one area doesn't get you in everywhere. Encryption is part of that. So is the kind of monitoring that will spot intrusions faster and enable countermeasures to be taken. Enhanced information sharing may help. Yes, hackers will win some of the time. But there's a lot of proactive work underway – I’ve only mentioned a couple examples – to make that harder.
- Advice for general counsel: I would advise them to take cybersecurity seriously, make sure it is considered at the board level and press the company to be prepared. Preparation is vital. Make sure that risks have been assessed and that a team is in place and, apart from other precautions, that your company has a response plan that is tested. You want to avoid a situation in which you are first hiring consultants or lawyers after the breach occurs and introducing them to your business people and systems. Your team should understand the plan and know something about your systems so they are ready to respond.
To read the full interview, please click here.