In our Seat with an Expert video series, A&M Disputes and Investigations practitioners highlight key trends and developments in global disputes, investigations and compliance, forensic technology, and cybersecurity and provide expert analysis and insights into key issues affecting companies worldwide. 

In this video, cybersecurity expert and Head of A&M's Global Cyber Risk and Incident Response Services practice, Rocco Grillo, provides insights into these key issues:

• What threats and risks are organizations trying to tackle today?
• What are best practices for increasing cyber resiliency?

*Chambers and Partners recognized Alvarez & Marsal in the 2022 Cybersecurity Risk guide.

Transcript:

The threats and risks that companies are trying to tackle today continues to evolve. In the past, the main focus was on protecting the data and data breaches. This still continues to be one of the main pieces that companies are after, but the way that attacks have continued to evolve, including ransomware attacks on infrastructure, business operations, business disruption, requires companies to continue to look at where exposures are and what risks that they may have, especially as companies continue to evolve and leverage different types of technologies and innovations. Likewise, many companies want to get the leg up on their competitors, to deliver that proverbial customer experience, but it can't be at the expense of security.

Cyber resilience is something that companies have been trying to tackle for the last decade and it really starts with understanding what you're trying to protect. Many times, when I work with companies that want to develop an incident response plan, they want to have playbooks if that situation were to occur. But before companies can get there, they really need to have that framework that is the foundation of their cybersecurity program.

What are the controls that they have in place to protect their assets? What exposures do they have? In the event that the controls protecting their assets, or as we like to say, “crown jewels” are circumvented or any accepted risk exposures are exploited, what's their plan? How are they going to respond to it? We've always said it's not the end of the world if a company suffers an incident, what's more important is how quickly they recognize it, respond to it, contain it, and restore normal business operations and limit the damages.

The next piece is having that incident response plan in place and like anything testing the muscle memory by conducting simulated cyber-attack exercises against these potential exposures. And then following from that companies need to review lessons learned. They need to understand that it's not just about to technology, but collectively people process and technology: getting out to the endpoints as well conducting compromise assessments. What are the potential situations that are out there? It's not necessarily if, but when, and at the same time going through those compromise assessments and doing proactive investigations.

Further at the executive level, cyber awareness from boards and executive teams are at an all-time high. We need to continue advising the boards, the executive teams and let them know what their risks are not only if they're exploited but what is the plan in the event there's a compromise. The contingency planning is critical.