Lessons From CISA for In-House Counsel on Mitigating and Managing MSP Breach Threats

With the increase in cyberattacks and publicly available guidance, including the Cybersecurity and Infrastructure Security Agency’s (CISA) most recent alert on protecting against cyber threats to managed service providers (MSP) and their customers, there is likely to be more judicial and regulatory scrutiny when an attack occurs focused on what happened, how the issue was fixed and what steps are being taken to prevent future attacks. In this guest article, Lowenstein Sandler partner Kathleen McGee and law clerk Bonnie Schipper discuss the CISA alert’s MSP cybersecurity recommendations, and offer additional advice on managing legal obligations, business implications and privilege issues that can arise in the event of a cyberattack. See “Implementing NSA-CISA-FBI Advisory Mitigation Tactics for Vulnerabilities Exploited by Russia” (Apr. 28, 2021).

To read the full article

Continue reading your article with a CSLR subscription.