Another day at the breach

Your computer goes down. Then the one on the desk next to you. Then another. The phone on your desk doesn't even have a dial tone. Your cellphone beeps. It's your company's emergency alert system. "Network down. Investigating malware." IT is frantically trying to stop the spread. The legal and PR teams are mobilizing: How do we tell our customers? What did the attacker get and what will they do with it? Everyone is wondering: What's the extent of the damage?

This happens every day worldwide, as cybercriminals, nation-states and even company insiders wreak havoc on cyber systems. The extent of these threats and how to handle them was the focus of "Another Day at the Breach — Cyber Intrusion: A Conference of Experts," March 16-17, 2018, at William & Mary's schools of business and law.

 “We're in the midst of one of the most dramatic periods of technological innovation in history. But there is a downside, and that’s what this conference is about," said William & Mary Law School Dean Davidson Douglas.

 Alumni speakers from Apple, Microsoft, Wells Fargo, Prudential, major law firms and more spoke about that downside: how security and privacy is compromised in our connected world, who is looking to exploit private data and what the worst could look like in the case of a breach.

The threats are "a list of terrifying things," but we should not be discouraged, said keynote speaker Paul Mitchener, senior national intelligence offer for cyber at the FBI. "We know we can’t bring every cybercriminal to justice, but we can strengthen our defenses, increase the cost for criminals, and share information," he said. "Nobody can counter these threats alone."

Collaboration was a major theme of the conference. At every stage, from preparing for breaches to dealing with them in the moment to recovering afterwards, "have a plan that is written in a clear and comprehensive way that can be explained to everyone," said Darren Bowie ’89, chief privacy officer/associate general counsel, AIG.

 The almost 200 attendees at the conference represented this collaboration. They included law and business students, faculty, staff, alumni from a wide variety of industries and outside cybersecurity experts.

Zachary Withers J.D. ’12 traveled to the conference from New York City, where he is a senior advisor for legal, policy & compliance affairs at the NYC Department of Health and Mental Hygiene. "I wanted to get a practical perspective from the experts," he said. "William & Mary brings together the best of the best."

Mallika Srivastava M.B.A. ’09, senior manager of info security and policy at Comcast in Philadelphia, was appreciative of a chance to return to William & Mary to discuss a topic directly related to her career. "I'm excited to hear from different and new voices," she said.

Lawyers and law school students mingled with businesspeople and business school students as they discussed such topics as the challenges and opportunities presented by the cloud and the internet of things.

 "My goal is to bring businesses into the business school, to share their in-the-trenches experiences. This is a great opportunity to collaborate richly and deeply with our colleagues in the law school, our alumni and friends," said Raymond A. Mason School of Business Dean Larry Pulley.

Universities have a big role to play in training the experts of tomorrow, said Scott Price M.B.A. ’96, general manager of the national security group at Microsoft, in his panel discussion. "How do you even train humans that fast to keep up with the pace of change? You constantly need the best and brightest. We need to teach what it looks like today but spend much more time looking at the future."

This sentiment was also expressed by Karen Rollins Jackson M.B.A. ’91, former secretary of technology for the Commonwealth of Virginia, in her panel. "We don't yet have enough cyber workers to do the things we need to do. Universities and technical schools need to produce these students quickly."

Current student Taylor Treece J.D. ’18 was encouraged to attend by her professor, Holly Brady J.D. ’09, who presented at the conference. "I'm interested in going into tech law," she said. "This is a great way to get an overview of this aspect of the field."

Shay Franklin J.D. ’08, M.B.A. ’18 worked as a lawyer before returning to William & Mary for her MBA. "I love the intersection between law and business, and wherever my career takes me next, this will be essential," she said. "It's a great way to market yourself, that you know something about this. I'd love to see this conference become annual."

Alec Young J.D. ’20, M.B.A. ’21 is one of only a few students getting both business and law degrees simultaneously. He wanted to go into mergers and acquisitions, but this conference opened his eyes to a new field. "We don’t have the answers to all these questions yet, but people like me, the next generation of lawyers, might be the ones to solve them," he said.

And hopefully they will. As Jane Hovarth ’86, senior director, global privacy law and policy, Apple, Inc., said in her keynote, "Little did I know when I was spending late nights in the computer lab in Jones Hall, that one day I’d be presenting here today."

Read the law school’s coverage of the event here.