Manatt Privacy and Data Security Partner Paul Luehr was quoted in the Cybersecurity Law Report, where he discussed the Cyber Safety Review Board’s August report (Report) on the 2021 and 2022 cyberattacks associated with Lapsus$ and offered advice to address similar threats.
In the first installment of the two-part article series, Luehr reviewed key takeaways from the Report, the attack techniques used by the actors and critical areas addressed in the Report. He explained that the Report provides a snapshot of the weaknesses that the actors took advantage of in their attacks, noting, however, that the Report should not be considered a “complete security roadmap.” Luehr noted that a “full cybersecurity program should include 20 to 30 policies, a sound governance structure, experienced professionals, advanced technology, adequate funding, and well-trained staff.”
The second part of the series focused on additional areas discussed in the Report’s suggestions, such as strengthening identity and access management, mitigating telecommunication vulnerabilities and building resilience. Luehr also offered practical takeaways to help organizations and their employees avoid falling victim to these types of cyber threats. “We need to train employees to recognize social engineering techniques, and engage staff, executives and even the Board in regular table-top exercises so they can practice their response to changing threats,” he said.
Cybersecurity Law Report subscribers can read the complete part one article here and the complete part two article here.