Cybersecurity is both a national security issue and an ongoing persistent threat that confronts all of our clients daily. Sophisticated hackers are after the "crown jewel" assets of government agencies, companies and organizations across all industries. Companies must work harder than ever to adequately secure and protect intellectual property, financial information, marketing and business plans, and sensitive client and customer information. It is vitally important that they work with attorneys and experts who can help them develop and implement security programs, as well as incident analysis and response programs that reduce the strategic and financial risk of data loss. Venable is perfectly positioned to assist clients with their data security, privacy, and intellectual property needs.
Venable has the cybersecurity risk management capabilities that businesses and organizations need in today’s world. Our cybersecurity team leverages legal services, proven organization governance models, technology risk expertise, insurance, and public relations to aid organizations with their risk management. Using government and industry best practices as a guide, we help entities set baselines and reduce risk without the fear of increasing their liability from regulatory enforcement, private litigation, or class action litigation that can lead to significant financial and reputational harm.
CAPABILITIES AND SERVICES
Venable clients benefit from the combined experience of our former Executive and Legislative branch personnel who provide deep insight into how the government envisions, enacts, and manages cybersecurity policy. Our work combines advice on broad policy questions and specific solutions to everyday industry problems. We offer both front-edge knowledge of the thinking of legislators and regulators and first-hand experience solving the issues that confront the executives of electronic commerce, financial services and communications companies.
The Coalition for Cybersecurity Policy & Law is a group of security companies that address complex policy issues and provide and single voice in influencing government policy and regulation.
We help organizations understand the risks they face and develop risk management strategies, including implementation of the Cybersecurity Framework and other planning tools to minimize risk.
Planning for Incidents
We develop incident response plans ahead of cyber incidents. This can include tabletop exercises, penetration testing, and war gaming.
Cyber Incident and Breach Response
We assist organizations during and in the aftermath of cyber incidents by helping to understand and navigate regulatory issues, public relations, and improving cybersecurity programs moving forward.
Board and Executive Education
We assist organizations with Board and Executive education to help them understand cybersecurity threats that they may face and develop an effective organizational governance framework to mitigate these potential threats.
Response to Government Requests
We assist organizations with their response to government requests for information related to cybersecurity.
We assist Information Sharing and Analysis Centers and Organizations (ISACs & ISAOs) with policy, legal, technical, and legal questions that relate to sharing threat information to help prevent future incidents, enable incident response, and assist companies in determining how to interact with ISACs and ISAOs.
MANAGING RISK USING THE CYBERSECURITY FRAMEWORK
Developed by hundreds of experts from government, technology companies, and critical infrastructure owners and operators, the Cybersecurity Framework published by the National Institutes of Standards and Technology (NIST), is widely recognized as a leading standard for assessing and managing organizational risk.
Because of its flexibility, broad acceptance, and applicability to all industry sectors and organizations, Venable uses the Cybersecurity Framework as the guide for its assessment engagements with clients. For organizations in regulated industries, Venable assists clients with navigating and meeting requirements while ensuring that their technology risk is managed effectively and efficiently.
Identify. Protect. Detect. Respond. Recover.
These five key tenants of the Cybersecurity Framework provide the foundation on which Venable advises its clients, resulting in a comprehensive view of risk that informs senior leadership and paves the way for high impact improvements in both the near and long term.
Knowing your risks is the first step to protecting against them. Venable offers asset management, data governance policies and risk assessments designed to provide the knowledge and insight required as the first step to cyber risk management.
Prioritizing the many controls necessary to protect modern networks can be a daunting task. Venable offers cybersecurity training and information protection and backup procedure reviews and can retain leading providers of access control and incident detection and prevention technologies in support of our client’s needs. Venable can also work with insurance brokers and agencies to help companies determine how to better mitigate risk.
Maintaining vigilance for technology threats and vulnerabilities is an essential part of a cybersecurity program. We advise clients on the use of leading cybersecurity consultancies that conduct comprehensive penetration testing of an organization's assets, including networks, websites, and products, as well as technology companies that provide state-of-the-art detection capabilities and services. Additionally, Venable helps organizations review information sharing strategies and technologies.
Knowing how to react and respond to a breach takes careful consideration and regular practice. Venable will create and tailor an incident response plan that reflects industry best practices while addressing your organizations specific needs. Venable retains a leading consultancy to aid clients in setting up a security operations center and, as necessary, in mitigation efforts.
Getting networks back online can be the most difficult challenge for an organization recovering from an incident. Venable will advise on recovery planning and can design and facilitate incident response and recovery exercises.
Across all our capability areas, Venable has consistently and successfully assisted our clients with their most challenging cybersecurity issues, including:
- A cybersecurity assessment of a hospitality organization, which included a review of vendor due diligence processes and data security policies and procedures across multiple business divisions, as well as an examination of technical aspects of the company’s data security procedures and controls in collaboration with information security consultancy.
- Development an incident response plan for domestic and foreign-based breaches for one of the largest multinational publishing organizations, as well as conducted table top exercises with the General Counsel and other key employees to rehearse the company’s implementation of the incident response plan.
- Training the board of directors of a major telecommunications organization in its cybersecurity responsibilities, including oversight of risk management and procedural controls.
- Serving as lead counsel to a major retailer after it experienced the largest retail data breach at the time, which included coordinating responses to state attorneys general and news media, delivering guidance to the C-Suite and Government Affairs Team, and leading congressional witness preparation and investigations.
- Counseling a major credit reporting agency on its responses to inquiries from congressional committees and federal and state agencies when the company was confronted with a cybersecurity incident.
- Counseling a global automotive trade group in the development of voluntary industry principles to govern consumer information collected through in-vehicle technology and on its efforts to address vehicle-related cybersecurity concerns related to the establishment of the Auto-ISAC.
AREA OF FOCUS FOR ORGANIZATIONS SEEKING SOLUTIONS
Venable represents and advises major financial services organizations, energy companies, health care organizations, airlines, telecommunications companies, consumer product companies, global retailers and national trade associations and others for whom failure is not an option when it comes to protecting their organizations from cyber threats. We understand that good cybersecurity practices are foundational to the many areas where Venable has traditionally been a leader in representing and advising our clients.
Venable regularly advises clients across all industries with respect to:
- Enterprise Risk Assessment
- Development of Compliance Programs
- Analysis of SAFETY ACT Protections
- Data Security and Privacy Issues
- Implementation of Privacy Policies, Records Retention Policies and related Training
- Advice regarding the appropriate patent, copyright, trademark and trade secret strategies to protect data, databases, networks, sales and financial information and other proprietary intellectual property or business enterprises
- Perform corporate investigations and provide relevant advice to corporate officers and Boards of Directors regarding fulfillment of their risk oversight responsibilities
- Advice concerning incident response, forensic investigation assistance, reporting/disclosure obligations and crisis management with respect to Breach Incidents
- Response to government investigations
- Review and negotiate third party IP vendor and outsourcing contracts to assure adequate protections for confidential and proprietary information
- Review insurance policies to assess terms and adequacy of coverage
- Prosecution of Cyber Offenses under the Computer Fraud and Abuse Act
AREAS OF FOCUS FOR SOLUTION PROVIDERS
For organizations such as information technology solution providers, systems integrators, research institutions and systems engineering firms, we deliver counsel in the areas of government regulation and procurement, financing and capital formation, mergers and acquisitions, patent and trademark litigation, technology transactions, tax planning and much more.
Venable provides a wide array of services to companies that design and implement security solutions for government agencies and commercial enterprises including the following:
- Monitoring of legislative and regulatory developments that impact our clients who provide cybersecurity solutions to government agencies and commercial businesses.
- Advice concerning cybersecurity requirements contained in a variety of government contract vehicles.
- Representing providers of cloud computing, data security and software as a service (SAAS) solutions with respect to appropriate intellectual property protection, data security and privacy and business growth strategies.
- Advice concerning import/export regulations, outsourcing of IT or development functions to foreign companies, and compliance with International Traffic in Arms Regulations (ITAR).
- Advice concerning compliance with applicable federal, state and local laws and regulations and relevant industry standards.
- Payment Card Industry Data Security Standard (PCIDSS)
- Critical Infrastructure Protection (CIP) Standards
- Automated Clearing House (ACH) Transaction Standards
- Health Insurance Portability and Accountability Act (HIPAA)
- and many others
For more information on Venable's Cybersecurity Risk Management Services, please contact Ari M. Schwartz, Stuart P. Ingis, Emilio W. Cividanes, or John F. Banghart.