Topics
Cybersecurity Resources
Blog Post
Rising to the Challenge: Mastering Data Breach Response Amid Ransomware
Corporate ransomware threats have increased in frequency and severity in recent years. Accordingly, ransomware attacks are changing too. To place these developments in context, and to offer recommendations to organisations facing operational and technical challenges in responding to data breaches, FTI Consulting’s Sonia Cheng and David Dunn participated in a panel discussion as part of the International Association of Privacy Professionals (IAPP) Data Protection Congress 2023.
Blog Post
The Day After: Recovering from a Data Breach
Today, data attacks are a fact of life, which makes building your organization’s resiliency and recovery capacities more important than ever. Successful recovery requires a coordinated effort across the Enterprise.
Case Study
Assess & Advise: Pre-Acquisition Cryptocurrency Assessment
FTI Technology’s cryptocurrency experts provide in-depth audit of digital assets, business model and infrastructure in support of due diligence activities.
Blog Post
Ransomware on the Rise: Preventing and Responding to a Cybersecurity Crisis
The threat of ransomware is becoming increasingly worrisome for Latin American corporations and governments. Organizations in Brazil are at an especially high risk, as the country represents the highest share (nearly 50%) of Latin American targets attacked using ransomware. While ransoms average around $170,000, they can reach into the tens of millions. The overall cost of such an attack—across regulatory fines, reputational damage, recovery efforts and legal proceedings—is usually far greater than the payment alone.
Blog Post
It’s Not Over Yet: Addressing Persistent Legal and Regulatory Risks in Remote Work Environments
Earlier this year, we teamed up with Colin R. Jennings, a partner at Squire Patton Boggs, and other speakers on a panel for the Northeast Ohio Chapter of the ACC. Our talk covered the breadth of risks and mitigation strategies that have emerged—and are continuing to create headaches for—legal teams during the COVID-19 pandemic.
Video
The Future of Investigations Part 4: X-Factors
COVID-19 and the global migration to remote work environments, pending vaccine breakthroughs and migration back to physical offices, a growing presence of blockchain and cryptocurrency, moves to digitization and artificial intelligence, a presidential election and global shifts in regulatory priorities – these are just some of the “X factors” that can be difficult to account for as companies assess their compliance and investigative priorities. This webcast will focus on resilient and agile measures that companies can take to efficiently adapt to for unforeseen challenges.
Video
The Privacy Playbook: Protecting Deal Value Through Targeted Privacy Due Diligence
While cyberattacks and breaches grab headlines, privacy compliance issues can be equally damaging to a deal and often reveal themselves only after the close. The growing web of privacy regulations increase the specter of integration challenges in the near term and enforcement actions or litigation in the mid-to-long term.
Blog Post
SEC Cyber Report Focuses on Information Governance Best Practices
In January, the Securities and Exchange Commission (SEC) released its most substantial cybersecurity guidance to date. The report, “Cybersecurity and Resiliency Observations,” was the result of examination findings and research from the last five years, much of which was led by the commission’s Office of Compliance Inspections and Examinations (OCIE). This is the first comprehensive guidance we’ve seen from the SEC’s cyber unit since it was established several years ago. In many ways, it reads as an examination pamphlet—outlining the essential information security practices and programs a financial services institution will need to have in place to stand up against a government raid, inquiry or investigation.
Blog Post
The Most Interesting Cryptocurrency Stories to Close out 2019
Cryptocurrency news heated up at the end of 2019. The second half of the year also brought a wave of new litigations around cryptocurrency misuse, fraud and theft. I expect we’ll see even more of this in 2020, along with a surge of interesting news. Industry watchers can expect a range of cases, from the state level, all the way up to far-reaching cross-border matters, as criminals find new ways to leverage crypto markets to further their malicious interests.
Blog Post
2020 Forecast: Expect Landmark Changes in E-Discovery, Data Privacy and Investigations
Across our practice areas, we asked our experts to share their predictions for what will shape legal, compliance and information governance in the coming year. Below is a roundup—across new laws, emerging technology and key industries—of what they expect will make the biggest impact to businesses worldwide.
Blog Post
Hacking, Extortion and Stolen Coins: Unraveling a Major Cryptocurrency Breach
When one of the world’s largest cryptocurrency exchanges was breached in May of this year, few in the industry were surprised. Cryptocurrency exchanges have long been appealing targets of malicious actors looking to steal currency and personal information. But this recent breach, which will potentially impact tens of thousands of cryptocurrency investors around the world, is particularly unique. The series of events that has unfolded in its aftermath serves as a stark reminder that the criminals looking to profit from this industry are both sophisticated and highly motivated.
Blog Post
Questions Arise Amid IRS Crackdown on Cryptocurrency Investors
In July, more than 10,000 cryptocurrency investors received warning from the IRS that they may owe taxes on improperly reported income. Weeks later, another round of letters were sent to some, outlining the amount of taxes owed for cryptocurrency gains and demands for payment. These letters are likely the tip of the iceberg in a long-anticipated IRS crackdown on crypto income—the latest in a series of government activity in this arena.
White Paper
Given its lawlessness, complexity and lack of transparency, monitoring the Dark Web requires expertise and experience. It is often difficult for organisations due to a lack of highly skilled resources and skillset they typically have available. Instead, companies would be better served by working closely with a technology provider who can provide the relevant support along with assistance in closely monitoring the Dark Web for relevant data using specialist tools and techniques.
White Paper
Advice from Counsel: State of the Union on Data Privacy & Security
The 12th Advice from Counsel study explores how issues of data security and privacy impact in-house legal teams at Fortune 1000 corporations and reveals the top concerns and emerging best practices across three key and intersecting topics: the General Data Protection Regulation (“GDPR”), IG and data security and remediation.
Blog Post
Equifax Breach a Category 4 or 5 Attack, but By No Means Unique
Late last week, we learned that Equifax was breached via a simple web application weakness, and over 143 million consumers’ records were compromised. The bad (worse) news is that this story is not unique, and this is by no means the final chapter.
Blog Post
Evaluating Network Permissions in Investigations
Jim Scarazzo explains how risk, IT, legal and compliance intersect across the many stages of investigation.
Blog Post
ILTA Peer-to-Peer: Skills You Need To Summit the Mountain of Data Challenges
In a recent FTI Advice from Counsel study, 76 percent of respondents said that while they do have information governance programs in place, initiatives ranged across 30 different areas of focus. These included data security, budget transparency, efficient records retention, data analytics, compliance, risk prevention and optimizing data for litigation needs, and underscore the difficulty many legal teams have in focusing their IG efforts.
Blog Post
FTI Shares Information Governance Philosophy in Cybersecurity Law & Strategy
One of the most meaningful elements of information governance is how it can drive the differentiation of data types and enable stronger security protocols around a corporation’s most sensitive data.