Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

PROTECTING CYBER VENDOR SERVICES WITH CYBERLAW

How does this privacy apply to cybersecurity? The rule of the cyberlaw in the protection of cyber vendor services against the risk of litigation exposure. In most countries and most legal systems, the sanctity of the attorney client relationship is guarded by the courts. Without confidentiality and privacy, the system of law can break down […]

PROTECTING CYBER VENDOR SERVICES WITH CYBERLAW

How does this privacy apply to cybersecurity? The rule of the cyberlaw in the protection of cyber vendor services against the risk of litigation exposure.

In most countries and most legal systems, the sanctity of the attorney client relationship is guarded by the courts. Without confidentiality and privacy, the system of law can break down from the lack of trust. Thus, the institution of law protects the privacy of the client relationship in order to promote the integrity and legitimacy of the legal system, which in turn, bolsters the good order and efficiency of other societal institutions.

How does this privacy apply to cybersecurity? Cybersecurity services between vendor and customer, especially the transfer of data, can be protected much like the delivery of other legal services underneath unique legal system privileges.  There is also the added dimension of cyberlaw risk advisory, to correlate technical details with meaningful exposure and compliance analysis. 

The US market is especially sensitive to litigation exposure. This risk would apply to any organization with data exposure in the US.  As we have seen with recent cases in US courts, this exposure risk extends through a company’s supply chain irrespective of a company’s direct data exposure in the US market.

In light of the cyberlaw advantage, why would a customer of cybersecurity services, especially after suffering a cyberattack, leave open to litigation or regulatory risks all its errors and omissions when there are structural protections available from cyberlaw counsel?

cyberlaw 2

More and more, Security Affairs is seeing interdisciplinary approaches to cyber defense, including economics, insurance, risk management, and emergency preparedness.  Adding the problem-solving dimensions of cyberlaw is a welcome addition.

A cyberlaw leader, Doug DePeppe of eosedge Legal, offered an analogy:

“Under the InfoSec ‘CIA Triad’, the objectives of confidentiality and integrity are protected by privacy-wrapping tools like encryption and network security technologies. With these technologies, we seek to maintain the privacy of data. Think of cyberlaw as another privacy wrapper enabled by an institution rather than a technology.”

The cyberlaw model is best introduced up-front during incident response planning and risk assessments.  Trusted advisory, a staple of the institution of law, is another benefit.  Additionally, the cyberlaw model is not limited simply to the delivery side of vendor services.  The entire cyber domain ecosystem can benefit, including in the production of cyber intelligence.

“Cyberlaw differentiation from the standard practice of law has generated interest from White Hats. For one, they often need legal guidance; but additionally, confidentiality enables trust building, legal landscape navigation, and prudent, law-abiding cyber operations. With so much uncertainty surrounding cyber intelligence, we have found that the institution of law is a trust-enabling institution that aids information sharing.”  said Doug DePeppe.

Security Affairs continues to monitor and bring news about emerging interdisciplinary approaches to cybersecurity.  A structural and privacy-enhancing dimension from cyberlaw seems to add an important Best Practice perspective to reduce cyber risk exposure.  

Pierluigi Paganini

(Security Affairs – Cyberlaw, privacy)