Sound Off: A Post-Mortem on the Colonial Pipeline AttackAttorney Lisa Sotto Sounds Off on Incident Response Readiness
"Sound Off" is a new video series that explores one topical question, in depth, with information security and privacy leaders.
On this week's "Sound Off," attorney Lisa Sotto demonstrates how Colonial Pipeline did "a lot right" in its response to the DarkSide ransomware attack that led the firm to shut down operations for nearly a week last May. Sotto, who advised Colonial Pipeline on its ransomware incident, shares best practices for enterprises to improve their incident response plans.
Sotto says that Colonial Pipeline "was able to get on with the difficult, substantive tasks of finding out the root cause, understanding what data and systems were impacted, understanding what might have been compromised and focused on getting systems back up and running by really that very first day." She attributes its efficiency and effectiveness to the fact that "they had all the experts lined up to get going and they were able to jump right in."
In a video interview with Information Security Media Group, Sotto discusses:
- Lessons learned from the Colonial Pipeline ransomware response;
- Incident response readiness essentials;
- Updates on U.S. regulatory movement to support critical infrastructure security.
Named in The National Law Journal's "100 Most Influential Lawyers," Sotto serves on the Hunton Andrews Kurth executive committee. She was voted the world's leading privacy adviser by Computerworld magazine and has earned the highest honor from Chambers and Partners as a "Star" performer for privacy and data security. Recognized as a "leading lawyer" by The Legal 500 U.S., Sotto chairs the Department of Homeland Security's Data Privacy and Integrity Advisory Committee and is the editor and lead author of "Privacy and Data Security Law Deskbook." She has represented the U.S. Chamber of Commerce in Indonesia and has advised the Serbian government on global data protection law. Sotto is co-chair of the International Privacy Law Committee of the New York Bar Association and chair of the New York Privacy Officers' Forum.