Co-Chair of Lewis Brisbois’ Data Privacy & Cybersecurity Practice Kamran Salour was recently featured in a Los Angeles Times B2B Publishing article about cybersecurity risks faced by businesses, and privacy measures that companies can take to protect against these threats.
The article, titled “What Businesses Need to Know About Cybersecurity in 2024,” highlights key insights from Mr. Salour, Kim Klinsport (Foley & Lardner), and Gene Yoo (Resecurity), who address the issue of rising corporate cybersecurity breaches, as methodolgy used by cybercriminals continues to become more sophisticated.
When asked about companies creating an incident response plan, Mr. Salour stressed the importance of avoiding plans that are overtly detailed and complicated, which can render them useless. He said that an effective plan should identify how the organization defines an incident, how it detects and contains it, and when it should be escalated to the incident response team.
Mr. Salour offered guidance for companies analyzing their current cybersecurity measures, such as utilizing third-party experts to bridge gaps, periodically evaluating needs, and make decisions collaboratively. “The IT/security team should work with the business team to implement cybersecurity measures,” he said to the LA Times. “Although a difficult balance to achieve, cybersecurity measures must advance business operations, not hinder them.”
For companies who find themselves victims of ransomware attacks, Mr. Salour advised on engaging a cybersecurity attorney such as himself, and compartmentalize its response into business and legal paths. Immediate steps include stopping the spread of ransomware from disconnecting Internet access, collecting forensic evidence of impacted servers, and remediating the threat before reconnecting servers. He said that a reliable cybersecurity attorney “can help manage communications with employees and customers about the attack and determine the company’s contractual, regulatory and statutory notification obligations.”
The article concludes with key pieces of advice by the three featured cybersecurity experts, and what these trusted advisors tell clients about protection against cyber threats.
According to Mr. Salour, “to adequately protect a business against cyber threats, the business cannot have a singular focus on ‘preventing’ an attack. An attack is inevitable. Of course, a business should take steps to reduce the likelihood of an attack. But an equal focus should be on minimizing the impact of an attack, so if a threat actor does access the environment, the threat actor’s impact is limited.
Mr. Salour focuses his practice on leading his clients through the incident response process. This process includes directing forensic investigations, developing post-incident response notification plans, and responding to regulatory investigations. He also helps his clients assert or defend against claims in state and federal litigation resulting from data security incidents.
Original source can be found here.