Locke Lord Chicago Partner Molly McGinnis Stine and Of Counsel John Kloecker were quoted throughout The Legal Description’s 2015 Cyber Security Special Report addressing a number of cybersecurity issues including the need for a national standard in regulation for cybersecurity and the evolution of cyberthreats.
Kloecker addressed the regulation issue by stating: "It's becoming increasingly apparent that we need a baseline standard or some sort of universally accepted standard for cybersecurity. That is very difficult because the technology changes so rapidly. I think one of the reasons we are seeing state attorneys general and other regulators try to respond to this in so many different and varied ways is because we don't have that baseline standard yet, and it's driving innovations and varied responses from the regulatory community and the private insurance community."
McGinnis Stine addressed the same regulation and legislation issue by addressing the overlapping interests of various industries, "noting that a wide range of regulators have a stake in strong cybersecurity. For instance, the Federal Aviation Administration is interested in the cybersecurity of the airline industry and the Food and Drug Administration is interested in medical device manufacturers." McGinnis Stine continued by saying that the issue would not be an easy fix as "regulators and interested parties are going to have to wrestle with whether to make a baseline standard of one-size-fits-all, or whether there should be a range of standards depending on the size of the company and what industry they operate in."
The lawyers also addressed the evolution of evolution of the cybersecurity environment with increased data breaches in the government and major companies. McGinnis Stine noted that "not only are cyberthieves getting advanced at an increasingly rapid pace, but their goals are shifting as well." She went on to state that “although much hacking activity is for financial gain of some sort, there are other kinds of intruders. Someone might want to prove they can get into the company’s system. There is also an increase in hacktivism."
Kloecker commented on the increased breaches by addressing spoof emails that are threats to a company. "If the email looks authentic, oftentimes the junior person will comply and transfer the money," Kloecker said. "This combines the elements of a system intrusion — in terms of having some sort of credentials or access into your system — and social engineering — in knowing what type of email a person will respond to within your organization and do something that is not in your best interest."
To read the 2015 Cyber Security Special Report in full, download a version on the The Legal Description.