Five Questions With: Ellen Marie Giblin

"Because of the Great Recession we were starting to pay closer attention to any attempted incidents of internal or external fraud."

Ellen Marie Giblin, a lawyer with Locke Lord LLP in Boston, recently joined the team of cybersecurity professionals at the Pell Center at Salve Regina University. She is an expert on global privacy and data protection as well as cyber breach response. Giblin talked about her recent appointment with Providence Business News, and her interest in cybersecurity issues.

PBN: How did you become interested in the topic of cybersecurity?
GIBLIN:
While I was working at a financial institution as a privacy officer, the chief privacy officer, noted for his years working with the government on system intrusions, warned us that these cyber events were becoming more prevalent and were not only criminal, but likely terrorist and government-backed repetitive attempts to gain access to the systems. Also, because of the Great Recession we were starting to pay closer attention to any attempted incidents of internal or external fraud. I, in turn, sought out experts in the field and met Nolan MacDonnell Ulsch, who had written many articles and a few books on the subject based on his years of experience working with the U.S. government as a consultant on foreign espionage, cybercrime and cyber threat. The group we began to form started to meet and evolve to include anyone interested in cyber issues and then we began to tap the insurance companies to start conversations around how they were going to insure for cyber breaches. The group then evolved to us working together with former assistant U.S. attorneys and the former U.S. attorney for Massachusetts and the former U.S. attorney general. Hearing each person speak about cyber leadership and their dedication to fighting cybercrime helps me reconcile that we can push back on the other nation states that attack our systems. At Locke Lord, I have been fortunate to work with Stephen R. Ucci (also a Rhode Island state representative) in the privacy and cybersecurity practice group headed by Bart Huffman and Laurie Kamaiko alongside many other highly skilled and trained cybersecurity colleagues.

PBN: What does it mean to be a fellow at the Pell Center and what do you hope to bring to the position?
GIBLIN:
The Pell Center for International Relations and Public Policy at Salve Regina is a multidisciplinary research center that promotes cyber thought leadership and its politics, policies and ideas. I was invited to become a Cyber Leadership Fellow and Faculty at Salve Regina, which are adjunct positions considering my day job. My plan is to follow the lead of the many talented and dedicated members of the Pell Center such as James M. Ludes, executive director, Pell Center for International Relations and Public Policy at Salve Regina University. Also, Francesca Spidalieri, senior fellow for Cyber Leadership, leads the cyber leadership project and the Rhode Island Corporate Cybersecurity Initiative. Her academic research and publications have focused on cyber leadership development, cyber education in non-technical fields, and the professionalization of the cybersecurity industry. Spidalieri lectures regularly on cybersecurity issues and teaches a graduate course, “Management of Cyber Opportunities and Threats,” which is now a core component and distinctive feature of Salve Regina’s MBA program. The MBA graduate program and the undergraduate cybersecurity and intelligence programs, headed by David Smith, chairman, graduate program director and a faculty fellow at the Pell Center, introduce students to the threat landscape and help them to understand the methodology used to mitigate threats to personnel and their agencies. Together with this group, I am immersed in cybersecurity, cyber threat management, cyber thought leadership, and I have the information and insight to bring this all to my colleagues and clients to help us prepare for the constant onslaught of cyber-attacks.

PBN: Tell me about the Rhode Island identity theft protection act of 2015, and the data breach cybersecurity law.
GIBLIN:
The most remarkable addition is the new data security requirements. Now, any agency or person that stores, collects, processes, maintains, acquires, uses, owns or licenses personal information about a Rhode Island resident shall implement and maintain a risk-based information security program, which contains reasonable security procedures and practices appropriate to the size and scope of the organization, the nature of the information and the purpose for which the information was collected in order to protect the personal information. Many of the safeguarding requirements in the new legislation are similar to the current Massachusetts data security regulations found at 201 CMR 17, especially regarding vendor management. This is the first step toward information governance and you need to know what your information assets are so that you may safeguard them.

PBN: What’s the best way for businesses to protect themselves against data breaches? Home Depot, Target, and Sony – all of these companies have been hit in recent months.
GIBLIN:
I believe it is a combination of information governance and risk management. By effectively minimizing your risk in over-retained and redundant information you are off to a good start. To be more effective, if you take a data inventory or create a data map of where your riskiest information for a data breach is, then you are really moving ahead. This information would include not only the personally identifying information of your customers, consumers and employees, but all your proprietary, confidential and business secret information as well.

PBN: Are larger companies more prone to attacks, or is it a problem that affects businesses indiscriminately?
GIBLIN:
FBI director James Comey said (in an interview with CBS) that Chinese hackers have repeatedly and deliberately targeted U.S. firms in cyber-attacks that have cost American companies billions of dollars.
“There are two kinds of big companies in the United States,” he added. “There are those who’ve been hacked by the Chinese, and those who don’t know they’ve been hacked by the Chinese.” Yes, I definitely agree with the director of the FBI in this area. This problem will affect all companies, regardless of size, especially if you have the types of data mentioned above. This is why the trend to have a data breach law is well established, and the next place we need to master is data security of all information that is either regulated by law or valuable for its business secrets and plans for your company.
