LS-ISAO

Now available for download is the October issue of the GRF monthly newsletter. In this issue you will find info about an upcoming webinar on incident recovery, an announcement about a new tool for GRF-affiliated members, and the incorporation of the Operational Resilience Framework into the Shared Assessments SIG, among other exciting news: grf.org/newsletter-oct…

Thank you to the LS-ISAO Annual Gathering Sponsors and our Seat Drop Sponsor of the Summit on Security & Third-Party Risk. Without the support of these organizations this event could not exist. In-person engagement is critical for developing trust, advancing relationships, and strengthening our mutual resilience through collaboration. Attendees, be sure to stop by their booths to say hello next week! Summit homepage: grf.org/summit2025

Join us for the LS-ISAO Annual Gathering! Paul Johnson and David White of Resiliam will present "AI Governance in Legal: Leveraging ISO 42001 for Compliance and Risk Mitigation.” Session abstract: As law firms increasingly integrate AI into legal research, client service, and operational workflows, ISO/IEC 42001:2023 offers a structured framework for responsible AI governance. Leveraging this standard enables firms to meet evolving regulatory and contractual requirements, manage third-party AI vendor risks, and proactively address threats and vulnerabilities in AI-enabled systems. By adopting ISO 42001, legal practices can uphold ethical standards, ensure client confidentiality, and build trust in AI-powered services. See you at the Palms in Las Vegas on November 5! Learn more and register here via the Summit on Security & Third-Party Risk, of which the LS-ISAO Annual Gathering is a part: grf.org/summit2025

On November 17 at 2pm ET, join @LS_ISAO, @LowensteinLLP, @Holland_Knight and @ArmorText for the educational webinar “From Vendor Dependent to Crisis Ready: Joint Tabletops, OOB Comms, and Privilege that Holds Up.” Register here: us02web.zoom.us/webinar/regist… In this session, we walk through a realistic incident storyboard: a managed SOC flags malicious activity, the provider may also be compromised, and the firm’s primary channels (email/IDP/chat) can’t be trusted. What fails first, where privilege gets jeopardized, and how quickly can you pivot? We’ll translate that scenario into a crisis playbook: counsel-directed, privilege-preserving communication patterns; minimum viable out-of-band (OOB) controls (E2EE, role scoping, immutable audit without content exposure); and clear decision rights across IT/Sec/PR/GC/ExCom. We’ll cover the tough edge cases—secure communications when an MSP becomes adverse or is under investigation—and how to run joint tabletops (Firm–MSP–Client) that actually build muscle memory: onboarding externals fast, testing unknown-third-party joins, and measuring time-to-pivot OOB. You’ll leave with practical templates for injects, comms decision trees, and readiness metrics you can reuse—for your organization and with your clients. Co-led by technical and legal experts, this session prioritizes privilege, defensibility, and operational control—so you can keep working cases even when primary systems and providers are under stress. Speakers include: -Amy S. Mushahwar, Partner and Chair, Data Privacy, Security, Safety & Risk Management at Lowenstein Sandler -Matthew B. Welling, Partner, Data Strategy, Security and Privacy at Holland & Knight -Navroop Mitter, CEO of ArmorText -Matt Calligan, Director of Growth Markets at ArmorText *Self report an hour of CPE *CLE credit provided by Lowenstein Sandler LLP The firm is an accredited provider in California, New Jersey, and New York. If you are seeking credit in additional states, please indicate your jurisdiction on the Affirmation Survey that will be provided, and we will issue you a Uniform Certificate of Attendance.

Join us for the LS-ISAO Annual Gathering! Shankar Krishnan of @PromptArmor will present "Novel risks from AI in vendors: web-search DLP, MCP servers, indirect prompt injection and more." Session abstract: Law firms are rapidly adopting AI vendors. But the gap between rapid innovation and risk reduction remains — how quickly can we identify the real new risks from new AI vendors and features? Learn more about the novel risks AI-enabled vendors carry - from the depths of indirect prompt injection to the various ways they can train on customer data. After this session, you will be able to confidently explain these risks in understandable terms to the rest of the business. You will be able to filter out which risks to care about, and which risks are overinflated. And you will understand how to use a comprehensive framework to evaluate vendors for novel AI risks. AI vendors carry many risks - across cybersecurity, data & privacy, legal, ethics, and more - and it is our goal to teach you how to stay up to date with the constantly evolving risk landscape. See you at the Palms in Las Vegas on November 5! Learn more and register here via the Summit on Security & Third-Party Risk, of which the LS-ISAO Annual Gathering is a part: grf.org/summit2025

Join LS-ISAO and Streaming Defense on October 8 for the webinar "Collective Defense in Action: How LS-ISAO Can Leverage Streaming Defense for Threat Sharing." The Streaming Defense (SD) platform empowers ISAC communities to detect, analyze and respond to threats in real-time. SD enables continuous intelligence sharing, automated correlation of member data and coordinated response across the sector. Members will not just share information but will act on it, together with SD as the backbone, and raise the bar for collective defense. Register here: us02web.zoom.us/webinar/regist…

Join us for the LS-ISAO Annual Gathering! Register to attend the Gathering and the GRF Summit below!

Join us for the 8th Annual Summit on Security & Third-Party Risk! Nick Panos of @googlecloud will present "Winning the Resilience Race: Outpacing Risk in the Age of AI and Automation." Session abstract: The modern digital risk landscape is not just evolving—it is accelerating. Fueled by AI-powered threats, sophisticated supply chain attack techniques, and significant geopolitical volatility, the critical questions now revolve around when, and how often, major disruptions will occur. Traditional approaches to business continuity and cybersecurity are not enough to keep pace. The new imperative is cyber resilience: the ability to anticipate, withstand, recover from, and adapt to adverse conditions. This session moves beyond the buzzwords and delivers an actionable framework for building and accelerating digital resilience within your organization. We will discuss the key pillars of a modern resilience strategy, from proactive threat anticipation and defensible architecture to rapid response and adaptive recovery. Drawing on real-world case studies, you will learn how to shift your organization's mindset from reactive defense to proactive readiness, ensuring your critical business functions remain fortified against the next major disruption. We hope to see you at the Palms in Las Vegas, November 3-5. Learn more and register here grf.org/summit2025

The hotel room block closes in three weeks! LS-ISAO members, join your peers on November 5! The LS-ISAO Annual Gathering will take place on the last day of the GRF Summit on Security & Third-Party Risk, after other sessions conclude, so that members can fully attend both events. Contact Raquel Santiago with questions or register for both events by signing up for the summit here: grf.org/summit2025. Book soon to stay on site.

Listen to Jim Routh, a former CSO/CISO at multiple Fortune 500 companies, discuss the benefits of attending the annual Summit on Security & Third-Party Risk. Learn more and join us in Las Vegas from November 3-5, 2025: grf.org/summit2025 youtube.com/watch?v=D5um9_…

Summit on Security & Third-Party Risk Nov. 3-5  |  Las Vegas Why Now: Tighten third-party risk, resilience, and compliance before 2026 audits and board meetings Outcome: Peer-tested TPRM workflows and improvements & cybersecurity insights CPEs: Attendees self-report 10+ hours of education Who Attends: CISOs, CSOs, directors of cybersecurity and TPRM, compliance teams, risk managers, security analysts Urgency: Four weeks until the room block closes and you have to stay offsite Register: grf.org/summit2025

In or around the Boston area? Join LS-ISAO and @CyberhavenInc for dinner at Smith & Wollensky at 6pm on Thursday, September 18th. Space is limited! Those who register after the maximum capacity has been reached will be placed on a waitlist. Register here: ls-isao.com/bostondinner *Law firm attendees only. If you register and are unable to attend, please be sure to email Rsantiago@grf.org.

LS-ISAO members, join your peers on November 5! The LS-ISAO Annual Gathering will take place on the last day of the GRF Summit on Security & Third-Party Risk, after other sessions conclude, so that members can fully attend both events. Contact Raquel Santiago with questions or register for both events by signing up for the summit here: grf.org/summit2025

Join us for the 8th Annual Summit on Security & Third-Party Risk! Bill Nelson, former CEO of @FSISAC and founder of GRF, will present “25 Years of Information Sharing: Past, Present, and the Future of Collective Resilience.” Session abstract: Bill played an instrumental leadership role in the growth of the information sharing and analysis center (ISAC) movement. As CEO of Financial Services ISAC, and later Global Resilience Federation, he was a pioneer in the development of collective defense, cross-sector sharing, and advancements in industry resilience. In this presentation he’ll discuss some of the key milestones in today’s security environment, from the advent of email threat lists, and the inception of the Traffic Light Protocol, to the launch of secure sharing portals and the movement into automated threat exchange. Reflecting on his long history in the threat information sharing industry, he will pose to the audience what he expects to be the greatest future threats and the ways in which we can work together to overcome them. We hope to see you at the Palms in Las Vegas, November 3-5. Learn more and register here grf.org/summit2025 *Note that registering for the summit covers a pass to see all presentations, as well food and drink from the evening of November 3 through the close of the summit on November 5.

Join us for the 8th Annual Summit on Security & Third-Party Risk! @stripe's Morgan Binder, Head of Third Party Risk, and Gary Donoghue, Business Resilience Manager, will present “Building Resilient Foundations: Establishing TPRM Excellence.” Session abstract: Join us as we explore the essential foundations of a successful Third-Party Risk Management (TPRM) program. Discover best practices to build steadfast relationships with stakeholders and ensure clear communication throughout your TPRM initiatives. We'll share real-world examples that highlight organizations successfully managing third-party risks. Engage in an interactive Q&A to exchange ideas and solutions with fellow professionals in the industry. Whether you're embarking on a new TPRM journey or fine-tuning your existing program, this session will equip you with the confidence to manage complex third-party relationships and mitigate potential risks. We hope to see you at the Palms in Las Vegas, November 3-5. Learn more and register here grf.org/summit2025 *Note that registering for the summit covers a pass to see all presentations, as well food and drink from the evening of November 3 through the close of the summit on November 5.

Attend the Summit to hear them, and many others, and then stick around for the LS-ISAO Annual Gathering!

GRF analysts recently completed the semiannual ransomware report covering the first half of 2025. The report series tracks attacks based on public sources and conversations of threat actors in closed forums. Analysts compiled data on 2,940 successful attacks. Some key findings: •Manufacturing was again the most targeted industry with 531 victims, a 69% increase from H2 2024. The next most targeted sector was Commercial Facilities with 459, a 50% increase from the last report. •This is the seventh report in a row in which Manufacturing has been the most targeted industry. •Cl0p was the most prolific actor with 415 successful attacks, followed by Akira with 261. •Roughly matching the previous report, the United States was targeted by 62% of all ransomware attacks tracked by GRF analysts, with 18% directed at companies within the EU and UK. •Re-extortion is becoming more common, Initial Access Brokers have become an integral part of actors’ process, and Endpoint Detection Killers are gaining popularity. Read the full report: grf.org/ransomware-rep…

Join us for the 8th Annual Summit on Security & Third-Party Risk! John Anthony Smith, Founder & CSO of @Fenix24_dr, will present “Recovery Over Resistance: The New Paradigm in Cyber Defense.” Session abstract: An organization’s ability to recover data post-breach and quickly bring operations back online can be assured with the proper orchestration of immutable data backup technology. In this session, attendees will learn: 1.) Data recovery and restoration to operations can be assured in the event of a cyberattack/ransomware event. 2.) Establishment of immutable backup technology is the best weapon of defense against threat actors. 3.) Resistance to cyberattacks is important, but such activities must complement a robust data recovery program. We hope to see you at the Palms in Las Vegas, November 3-5. Learn more and register here grf.org/summit2025 *Note that registering for the summit covers a pass to see all presentations, as well food and drink from the evening of November 3 through the close of the summit on November 5.