Sep. 27, 2023

The Good, Bad and Ugly of Summer’s Cyber Incidents

Corporate cybersecurity improves, but so do cyber criminals’ techniques, and recent breaches reveal the increased risk that attacks will cause lingering damage. This article dissects the good, bad and ugly aspects of several breaches that occurred or were disclosed this past summer. It also offers five practical threat mitigation recommendations for companies, with insights from experts at BlackCloak, BlackFog and Privacy Ref. See “Recent FTC Cases Highlight Evolving Regulatory Expectations in the Use of Multi-Factor Authentication” (Dec. 14, 2022).

CSRB Report on Lapsus$ Attacks: Moving Beyond MFA, Building Resilience and Mitigating Third-Party Threats

A recently released Cyber Safety Review Board (CSRB) report (Report) reinforces the need for all organizations to take steps to increase their cyber resilience. The Report offers practical cybersecurity recommendations based on its review of the activities associated with the threat actor group known as Lapsus$. With insights from Paul H. Luehr, a partner at Manatt, this second installment of a two-part article series discusses three areas framing the Report’s suggestions, including strengthening identity and access management, mitigating telecommunication vulnerabilities and building resilience. Part one covered key takeaways from the Report, attack techniques used by the threat actors and law enforcement cooperation. See “Four Steps to Secure Open-Source Software After CSRB’s Log4j Investigation” (Sep. 7, 2022).

Changes Brewing for Enforceability of Non‑Compete Provisions

Until recently, common law jurisprudence and legislation regarding non-competition agreements related to employment matters seemed settled. Now, however, the New York State legislature has passed a bill that would ban virtually all employment-related non-competes (New York Bill), and the FTC has announced its intention to promulgate a rule broadly banning non-competes (Proposed Rule). Those proposals represent a fundamental shift in the law governing restrictive covenants in New York. This article analyzes the New York Bill and the Proposed Rule, raises questions about their implications, and explores how they might impact different aspects of non‑compete agreements. For more on the Proposed Rule, see “What Employers Should Know About the FTC’s Proposed Ban on Non-Compete Provisions” (Mar. 8, 2023).

Former Federal Prosecutor and Cybersecurity Professional Joins Nardello

Investigations firm Nardello & Co. has welcomed former federal prosecutor Wendy Wu as a managing director in its Los Angeles office. She arrives from Wallbrook, an intelligence, due diligence and risk advisory consulting firm. For insights from Nardello, see “A Practical Look at the GDPR’s Data Breach Notification Provision” (Jan. 17, 2018).