Navigating Legal Risks and Responses in the Aftermath

The SolarWinds breach has represented a landmark event in its scope and technical complexity, as well as in the ensuing impact it has had on regulatory oversight and executive liability. This major cybersecurity event, which affected both private corporations and government agencies, has been followed by the signing of Executive Order 14028 and the adoption of the new SEC ‘Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies.’ The attack is also serving to highlight the increasing potential for executive liability in cybersecurity incidents. Indeed, a Wells Notice received by current and former executives of SolarWinds in June 2023 was the first instance of a CISO being directly named.
As this latest event continues to shape the way organizations understand and address cyber risk management, join our panel of industry leaders for a dynamic conversation at the intersection of cybersecurity and the law. This seminar will serve as a useful resource for lawyers aiming to understand the consequences of these developments and gain insight into crafting strategies to mitigate risks.
In this seminar, our panel of industry leaders begins by reviewing the SolarWinds attack to highlight key facts, the technical complexity of the attack method, and the breadth of affected parties. Our speakers then review the response to the breach and focus on the SEC’s June 2023 Wells Notice to highlight its potential implications for executive liability. The panel concludes the discussion by highlighting best practices to safeguard organizations and avoid the pitfalls of digital threats.

Our Mission is to bridge the knowledge gap between law and technology professionals by educating attorneys on technology to attorneys and technology executives on its laws and regulations. Legal Cyber Academy provides a comprehensive tool and evolving knowledge base through exclusive insights from world class cybersecurity, privacy, web 3.0, forensic, and e-discovery legal and technical practitioners. Earn CLE, CPE, and CE credits. (Refunds are available if you do not receive credit) At Legal Cyber Academy We recognize that technology, the cybersecurity threats it faces, and relevant laws and regulation are rapidly evolving, presenting unique challenges and opportunities. Our platform is dedicated to empowering legal professionals with the skills and understanding necessary to navigate the complex landscape of technology in their field, enabling them to effectively advise clients, draft contracts, and navigate legal implications in a technology-driven world. Simultaneously, we strive to equip technology professionals with the legal knowledge they need to make informed decisions, ensure compliance with regulations, and limit liability. By fostering a deep understanding of legal frameworks, we hope to support technology professionals in creating innovative, compliant, and socially conscious technological advancements. Join us in our mission to reshape the way legal professionals and technology experts understand and interact with each other in a rapidly changing technical and legal landscape. Together, they will mitigate risk better, ensure compliance, and actively shape the future of technology and its accompanying laws.

LAW & FORENSICS LLC – FOUNDER; JAMS – NEUTRAL; HARVARD – ADJUNCT;
Danie Garrie, Esq., is the Co-Founder of Law & Forensics LLC, where he heads the Computer Forensics and digital discovery Cybersecurity teams. Daniel has been a dominant voice in the computer forensics and cybersecurity space for the past 20 years, as an attorney and technologist. He is an adjunct professor at Harvard for Computer Forensics, and prior to Law & Forensics, he successfully built and sold several technology start-up companies. Since co-founding Law & Forensics LLC in 2008, Daniel has built it into one of the leading boutique firms specializing in cybersecurity and forensic engineering. He is a mediator, arbitrator, and e-discovery special master for JAMS and is a partner and head of Cybersecurity practice at Zeichner, Ellman & Krause LLP. Daniel earned both a Bachelor’s and a Master’s degree in computer science from Brandeis University, as well as a J.D. from Rutgers Law School. Daniel has led cyber and forensic teams in some of the most visible and sensitive incidents in the United States. He and his team have worked globally for two of the top five banks and dozens of the largest private and public companies in the world. In addition, Daniel has been awarded several patents for advanced cybersecurity and forensic platforms he built with his team, including TableTop.AI, CustodyTrack.IO, and Forensic Scan. Daniel is also well-published in the cybersecurity space and has authored more than 200 articles and books. His work is cited by Black’s Law Dictionary 10th Ed. defining the terms 'software', 'internet', and 'algorithm'. Lastly, he has been recognized by several United States Supreme Court Justices for his legal scholarship and is a trusted source and thought leader for cybersecurity articles and opinions, cited over 500 times to date.

Frankfurt Kurnit – Partner
Rick Borden is a partner in the Privacy & Data Security Group at Frankfurt Kurnit. With decades of experience both at firms and in-house, Mr. Borden translates privacy and data security requirements into budget-friendly operational solutions, advises on risk management, audits and incidents, and helps clients commercialize data and innovation. Mr. Borden regularly represents FinTech, InsurTech, Software as a Service (SaaS), cloud computing, and other tech-forward companies on technology transactions, and privacy and data security issues. With a laser focus on data flows and a full understanding of operations, IT and the legal landscape, he translates complex risk discussions into plain English, and right-sizes mitigation strategies so that they fit with corporate budget and staffing limitations. Mr. Borden’s experience on both the customer and vendor side enables him to advise general counsel, boards of directors, and CEOs, CIOs, CTOs and other C-Suite executives on risk and incident response. He also interfaces with technology departments, advising them on how technology implementations and programs may expose companies to risk. Mr. Borden was named a JD Supra Readers' Choice Awards Top Author for cybersecurity. He serves on the Board of Editors of the Journal of Law and Cyber Warfare and is a Senior Advisor to the RANE Networks.

Morrison Foerster – Partner and Investigations +White Collar Defense Practice Group Co-chair
Craig serves as co-chair of Morrison Foerster’s Investigations + White Collar Defense practice group. Craig has led dozens of internal investigations, often on behalf of audit and special committees. Though Craig most frequently assists with matters involving complex financial accounting and reporting issues, his investigations have covered a broad range of subjects, including corporate disclosures, commercial practices, scientific misconduct, commercial and foreign bribery, and misuse of company assets, among many others. In addition, Craig represents issuers involved in U.S. Securities and Exchange Commission (SEC) enforcement and U.S. Department of Justice (DOJ) investigations. Craig’s clients span various industries, including technology, healthcare and life sciences, financial services, manufacturing, real estate, and agriculture. Craig has obtained excellent results for clients, often in the wake of a serious financial accounting misstatements or disclosure failures. Craig also serves as personal counsel to executives and directors in government and internal investigations. Attuned to the scrutiny that corporate executives can face in the wake of a business setback, Craig has helped CEOs, CFOs, and general counsel successfully navigate parallel SEC, DOJ, and internal investigations. Clients consistently praise Craig for his sound judgment, investigative experience, pragmatism, and credibility. He has been recognized in the “Enforcement 40” published by Securities Docket as one of the 40 best securities enforcement defense lawyers in the business. In addition to representing clients, Craig served for a decade as a Firmwide Managing Partner at Morrison Foerster (2012-2022). Craig was an enforcement attorney in the SEC’s San Francisco office from 1999 to 2002. During his tenure at the SEC, he worked closely with attorneys and investigators from DOJ on both financial accounting fraud and insider trading matters. Of particular note, Craig led one of the largest insider trading cases in SEC history, in which 15 individuals were charged with illegal trading.

Mitsubishi Corporation (Americas) - Senior Manager of Information Governance, Security, and Privacy
After 11 years as a generalist in the legal division of Mitsubishi (a multinational trading company) handling corporate transactions, managing litigations, and building compliance programs, Lana has spent the last 9 years developing and maturing information governance, data security, and privacy programs. Lana revamped the company’s document retention policy through close collaborations with business and corporate units, producing the company’s first data map in this process and providing her with a detailed understanding of the company’s IT infrastructure, which allowed her to implement litigation holds more effectively and to work seamlessly with HR and IT to institute appropriate annual technical and manual processes for data retention compliance as well as address data security and privacy compliance. Afterwards, Lana spent 18 months in intensive partnership with IT to finalize the company’s first data security incident response plan. Lana led a cross-functional team in obtaining management approval for and completing the company’s first formal security risk assessments, tabletop exercise, and vendor risk assessments. She created the company’s first live cybersecurity awareness training, which has become the most popular training provided by the legal and compliance division. As a result of Lana’s efforts in building the company’s data security program, the company’s security incident response team has become a resource for Mitsubishi’s other affiliates in the Americas requiring cybersecurity support with incident response, awareness training, or templates such as incident response plans and vendor risk assessment questionnaires. She has also served on Mitsubishi International Corporation's Paperless Initiative Task Force to transition recordkeeping and HR processes from legacy systems to cloud-based alternatives. Her current responsibilities include monitoring and developing compliance strategies in response to ever-changing U.S. privacy and AI regulations and standards. Her International Association of Privacy Professionals certifications include CIPP/US, CIPP/E, CIPM, and CIPT.