The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime; a seasoned corporate executive who built and operated information security teams; and now a cybersecurity attorney.

As a self-described “Breach Whisperer,” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise Boards of Directors, CIOs, CISOs and General Counsels on how to legally protect their company from cyber-related risk.

Blog Entries

Lake City Florida Fires IT Director After Ransomware Incident

Lake City, Florida, had to pay hackers $460k to recover files from a ransomware incident; thereafter, they fired their IT Director. The mayor of the city offered no explanation for the firing, but I think we can all guess that the incident was the cause. The firing of a high-ranking security person is not uncommon after a security incident and/or breach; most CISOs know they are one breach away from getting fired. That either motivates them or stresses them the heck out!

However, I have yet to meet a security professional who is not aware of the weaknesses in their program, nor anyone who has not brought them to the attention of their boss. Ransomware is one of those things that causes an organization to pay attention and should motivate them to do something to protect themselves. I am sure the IT Director, if doing his or her job, brought those weaknesses to the right person's attention, despite the fact that, technically speaking, cyber security should exist outside of the IT Director’s responsibility. In reality, the IT Director, especially in city government, wears both hats, and that is a tough job to say the least.

IT and cyber security people are just different; mentally speaking, we worry about different things. Each can be taught to understand the other, but it takes effort, training and collaboration. Blindly believing that your IT Director is also an expert in cyber security is a grave error a lot of companies make. There has historically been this assumption that cyber security is an IT issue and “my IT guy (or gal)” has this handled; at least that’s what I have experienced from potential clients. Many times, it is a knee-jerk response and the person doesn’t really know what is going on, nor do they know or have the courage to ask the tough questions of their IT person. In actuality, it doesn't take a huge amount of resources to develop an information security management program, but it does take someone who is actually focused on the program.