Luke Dembosky – Page 3 – Debevoise Data Blog

CISA

Emerging Cybersecurity Standards for Critical Infrastructure – Lessons from Recent Goals Released by CISA and NIST

By: Luke Dembosky, Avi Gesser, HJ Brehmer and Andres S. Gutierrez October 8, 2021

On September 22, 2021, the Cybersecurity and Infrastructure Security Agency (“CISA”) issued its preliminary cybersecurity performance goals for critical infrastructure. These voluntary goals, which were initially announced in President Biden’s…

Enforcement

OFAC’s Ransomware Advisory Part 2 – How Banks Can Reduce Their Sanctions Risk for Client Cyber Ransom Payments

By: Luke Dembosky, Avi Gesser, Satish Kini, HJ Brehmer and Scott M. Caravello October 4, 2021

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Asset Control (“OFAC”) released an updated advisory (the “Advisory”) on the sanctions risks associated with facilitating ransomware…

Enforcement

Improved Cybersecurity Can Mitigate Sanctions Risk and Other Takeaways from the Latest OFAC Advisory on Ransomware

By: Luke Dembosky, Avi Gesser, Satish Kini, HJ Brehmer and Sarah Q. Smith September 23, 2021

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued an updated advisory (the “Advisory”) on sanctions risks associated with payments to threat…

GDPR

European Data Protection Roundup – July

By: Luke Dembosky, Christopher Garrett, Friedrich Popp, Robert Maddox, Fanny Gauthier, Martha Hirst and Christina Heil August 5, 2021

European Data Protection Roundup – July Key takeaways from developments this July include: a blockbuster €746 million fine against Amazon – the largest ever GDPR penalty – showing the Regulation’s…

Automated Decision Making

Effective Access Controls, Timely Breach Notification, and Other Takeaways from the Latest NYDFS Cyber Resolution

By: Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Johanna Skrzypczyk, Christopher S. Ford, Parker Eudy and Mengyi Xu April 15, 2021

On April 14, 2021, the New York State Department of Financial Services (the “DFS”) announced that its cyber enforcement action against National Securities Corporation (“National Securities”) has been resolved by…

Cybersecurity

The SEC’s Cybersecurity Priorities for Registered Investment Advisers – Looking Back to Anticipate the Road Ahead

By: Jim Pastore, Avi Gesser, Luke Dembosky, Jeremy Feigelson, Mengyi Xu and Tricia Reville March 11, 2021

Earlier this week, Debevoise published an overview of the SEC’s Division of Examination Priorities for 2021. Today, we’re taking a deeper dive into one aspect of those priorities: cybersecurity as it…

Cybersecurity

First Resolution by the DFS Under Its Cyber Rules Highlights the Risks of Inadequate Cyber Investigations and the Importance of Satisfying State Breach Notification Obligations

By: Luke Dembosky, Avi Gesser, Jim Pastore, Christopher S. Ford, Alexandra Mogul and Sarah Q. Smith March 8, 2021

Last year, we discussed the first enforcement action brought by the New York State Department of Financial Services (“DFS”), which involved charges against First American Title Insurance Company. That hearing…

Litigation

Court Chips Away at Privilege Protections for Cyber Forensic Reports

By: Jim Pastore, Luke Dembosky, Jeremy Feigelson, Avi Gesser, Corey Goldstein and Mengyi Xu January 14, 2021

On January 12, Judge James Boasberg of the U.S. District Court for the District of Columbia granted plaintiff Guo Wengui’s motion to compel production of a report (the “Report”)—and related…

Cybersecurity

Banking Agencies Propose 36-Hour Data Breach Reporting Rules for Significant Incidents

By: Jeremy Feigelson, Avi Gesser, Jim Pastore, Luke Dembosky, Satish Kini, David Portilla, Gregory Lyons, Zila Reyes Acosta-Grimes, Courtney Bradford Pike, Alex Henry, Alexandra Mogul and Amy Aixi Zhang January 12, 2021

On January 12, 2021, the Federal Deposit Insurance Corporation (“FDIC”), the Office of the Comptroller of the Currency (“OCC”) and the Federal Reserve Board (“FRB”) (together the “Agencies”) published a…

Cybersecurity

The Rise of DDoS Ransom Attacks – How to Prevent and Respond

By: Luke Dembosky and Avi Gesser December 17, 2020

We have recently written about the persistence of the four most common varieties of cyberattacks: Ransomware, Phishing, Business Email Compromises, and Credential Stuffing, as well as the increased regulatory scrutiny that companies face…