Page 23 - CCCA 259155 Magazine_Winter 2016
P. 23
{ FEATURE }
ASK NIKKI LATTA ABOUT THE BIGGEST CHANGE IN HER NINE
YEARS OF PRACTICING IN-HOUSE AT THE CONSULTING GIANT
DELOITTE LLP, AND THE ASSISTANT GENERAL COUNSEL
SAYS IT IS THE FOCUS THE FIRM’S CLIENTS ARE PLACING ON
CYBER SECURITY AND PROTECTING THEIR IT SYSTEMS FROM
UNWANTED INTRUSIONS.
“What we are seeing is that clients want to understand tax records from the Panamanian law frm Mossack Fonseca.
what security protections are in place with respect to the There is also a trail of stolen money and pilfered credit card
information they are sharing with us and with respect to data. Hackers recently managed to steal US$81 million from the
the access they are providing us to their networks. They Bangladesh central reserve bank. Credit card thefts at major re-
want to know who they are dealing with…so they can tailers, including Target, The Home Depot and TJX Cos., cost
satisfy themselves that they are in good hands.” those companies millions of dollars to rectify.
Part of Latta’s job is to facilitate the negotiation of large IT out- Now, a new threat is emerging, known as ransom-
sourcing contracts, which drives part of Deloitte’s consulting ware. That’s where a hacker infltrates a company’s IT
business, so she has had a front-row seat to the emergence of system and holds critical information hostage until
cyber crime as a major issue facing businesses. the company agrees to pay a ransom, usually in un-
To enhance its business, Latta says, her group was one of the traceable bitcoins. “They are targeting amounts they
frst in Deloitte to achieve ISO 27001, an international, gold- think you can pay,” warns David R. Mackenzie, an in-
seal standard that covers an organization’s information security surance and cyber security lawyer at Blaney McMurtry
management system. It applies risk management principles to LLP. He says oftentimes it is more “cost effective” for a
policies and processes around IT systems to help organizations company to quietly pay the ransom and get control of
manage the security of critical assets, such as fnancial informa- its systems and information back than to go through
tion, intellectual property, employee details and information the rigmarole of rooting out the perpetrators.
entrusted to organizations by third parties. These types of developments are spurring both concern
That ISO stamp of approval has become and action. The 2016 Kroll Corporate Risk Survey of in-house
critical in contract negotiations, she says, counsel fnds that the combined triple play of data security, cy-
noting “in the early days, people weren’t ber security and privacy risk is now the most pressing legal issue
looking for an ISO certifcation. Now you facing companies.
see that expressly in standard form con- While 76% of respondents say they have effective safeguards
tracts.” in place to protect information, many appear ill prepared to
Indeed, data protection and cyber secu- deal with the fallout from a breach. Only 41% say they have
rity is moving to the forefront of the cor- an incident response plan that is regularly updated and tested.
porate world, spurred by recent high-pro- Another 18% say they have a response plan but it is not regu-
fle cyber incidents—from hacked emails larly updated or tested, while a further 13% say they have a plan
during the U.S. presidential election to the but it lacks resources. Almost one-third report having no plan
release of 11 million confdential client at the moment. Moreover, a startling 20% of in-house lawyers
CANADIAN CORPORATE COUNSEL ASSOCIATION | CCCA-ACCJE.ORG 23
