Jun. 29, 2022

Lessons From CISA for In-House Counsel on Mitigating and Managing MSP Breach Threats

With the increase in cyberattacks and publicly available guidance, including the Cybersecurity and Infrastructure Security Agency’s (CISA) most recent alert on protecting against cyber threats to managed service providers (MSP) and their customers, there is likely to be more judicial and regulatory scrutiny when an attack occurs, focused on what happened, how the issue was fixed and what steps are being taken to prevent future attacks. In this guest article, Lowenstein Sandler partner Kathleen McGee and law clerk Bonnie Schipper discuss the CISA alert’s MSP cybersecurity recommendations, and offer additional advice on managing legal obligations, business implications and privilege issues that can arise in the event of a cyberattack. See “Implementing NSA-CISA-FBI Advisory Mitigation Tactics for Vulnerabilities Exploited by Russia” (Apr. 28, 2021).

Present and Former SEC Officials Discuss the Commission’s Latest Examination and Enforcement Tactics and Priorities

Cybersecurity continues to be an SEC examination priority, with three recent cases concerning firms that failed to take reasonable steps to protect client information. We distill insights shared by present and former SEC officials, at the Investment Company Institute’s recent Investment Management Conference, on operations of the Division of Examinations, the potential for more aggressive enforcement activity, the implications of recent enforcement actions involving electronic communications and cybersecurity, and the SEC Division of Enforcement’s environmental, social and governance task force. See “Privacy and Security Regulators Discuss New Enforcement Proposals and Compliance Best Practices” (Jun. 15, 2022).

Navigating the Intersection of Digital Assets and AML

Although the largest volume of money laundering takes place using fiat currency, the most money laundering transactions are done using cryptocurrencies, said Peter D. Hardy, a partner at Ballard Spahr, at a recent PLI program. He and cryptocurrency experts from Chainalysis, Element Finance and Solidus Labs examined the rapidly evolving regulatory regime governing digital assets, including the current enforcement environment, sanctions and ransomware, applicability of AML rules to banks and decentralized finance, and digital transaction tracing and investigative techniques. This article distills the speakers’ insights. See “The Evolving Crypto Regulatory Climate” (May 11, 2022).

Debevoise Expands Data Security Bench in New York

Erez Liebermann has joined Debevoise & Plimpton as a partner in the firm’s data strategy and security group in New York. For insight from Debevoise & Plimpton, see “SEC Proposes Cyber Risk Management Rules for Advisers” (Apr. 27, 2022). For insight from Liebermann, see “Data Localization: Cybersecurity Challenges Abound” (Nov. 17, 2021).