Kroll Ontrack | Home

White Papers & Articles

Below you will find an expanding list of Kroll's industry expert-authored articles and white papers on best practices and the important issues related to cyber security, computer forensics, and incident and data breach response.



U.S. offers companies broad standards to improve cybersecurity

The U.S. government on Wednesday released the final version of standards meant to help companies in nationally critical industries better defend against cyber attacks, and officials now face the challenge of getting the private sector to adopt the voluntary measures. Criticized for being too vague and toothless, the so-called cybersecurity framework turned a vast amount of industry input...



Due Diligence an IT Priority for 2014

The data supply chain and the threat of malicious insiders will pose continuing challenges to hospitals this year according to a 2014 security forecast by cyber security experts Kroll. While organizations may have their own security in order, the same may not be true for the business associates who handle that data. “What we’re seeing in many cases is that as that data leaves the hospital it...



Cyber-security expert: Target case is 'watershed moment'

Congress takes its first look at Target's data breach this week, a moment some analysts think finally will prod lawmakers to pass tougher safeguards for protecting consumer information. "We will see federal legislation come out of this, and Target is the incident that will drive data security," predicts Jonathan Fairtlough, managing director with the cyber-security firm Kroll. The theft of...



TalkingPoint: D & O Liability in Data Privacy and Cyber Security Situations in the US

FW moderates a discussion on D&O liability in data privacy and cyber security situations between Richard Bortnick, a shareholder at Christie, Pabarue and Young, Jonathan Fairtlough, a managing director at Kroll, and Ann Longmore, an executive vice president at Willis. Download D&O Liability in Data Privacy and Cyber Security Situations in the US



Frankly Ludicrous: Time to Hone Your IT and E-Discovery Knowledge

"Frankly ludicrous" was the court’s reaction in Martin v. Northwestern Mut. Life Ins. Co., when the plaintiff sought to excuse his non-compliance with e-discovery requests on the grounds that he was “so computer illiterate that he could not comply with production.” In the intervening years since that 2006 case, the bench’s patience with lawyers failing to meet their discovery obligations has...



Kroll Speaks to Cyber Threats in Banking

While financial organizations have been working to enhance services to customers through new channels, cybercriminals have spent their time finding new ways to capitalize on the cyber risk in banking. “Cyberrisk in Banking,” a report released by Longitude Research and SAS on October 23, explores the cyber threat in financial services resulting from exploited weaknesses, sophisticated new...



Kroll Special Report: Cyber Security and Investigations - Looking Beyond the Headlines to Effectively Safeguard Data

Since early 2013 when the New York Times and Wall Street Journal raised alarms that they had been victims of Chinese hacking operations, there have been numerous reports of data breaches, hackings, and high-profile information leaks around the world. In this Kroll Special Cyber Report, we examine timely issues around recent cyber threats and data losses and provide you with suggested measures...



When It Comes to PCI Data Breach Investigations, Organizations Are Well Served to “Declare Their Independence”

For many organizations, the specter of becoming a victim of a cyber attack—whether via criminal enterprises or malicious insiders—is no longer if, but when.   As headlines show, virtually no organization is immune and the stakes are raised for any group, such as card brands, processors and merchants, that handles payment card information—just ask Global Payments, which was hit hard last year...



“It’s a Legal Matter” The Fine Line Between Expert Data Breach Guidance and Legal Advice

As a practitioner in Kroll’s cyber security group focusing on data breach response, I am regularly faced with a variety of client questions that arise during a data breach event: “Can you determine what data was exposed by the breach?”; “How long was the malware present on our network?”; and, “Can you determine what was on the laptop at the time it was stolen?” are all common. Kroll is well...