Victoria Beckman: "A cybersecurity programme does not need to be expensive to be successful"

The Principal Corporate Counsel of Microsoft talks about the growing sophistication of cybercrime, cybersecurity regulation in Latin America, and what she looks for when hiring external counsel.

Posté le Tuesday, June 22nd 2021
Victoria Beckman: "A cybersecurity programme does not need to be expensive to be successful"

Leaders League: The Covid-19 pandemic ushered in a spike in cybercrime. Given the logistical and financial challenges faced by so many companies, which made it difficult to invest fully in cybersecurity or implement defence programmes on time, was this spike avoidable?

Victoria Beckman: Increases in cyberattacks may not be avoidable, but a company could be more prepared to respond to them. The pandemic forced companies to move their entire workforce to remote work overnight, which presented a great opportunity for attackers to go after systems when they were vulnerable. A cybersecurity programme does not need to be expensive to be successful. Basic best practices, including internal defined policies, training of employees, and protocols to respond to incidents are effective tools to avoid or reduce the severity of attacks.

When looking for external counsel, on top of expertise in the area and financial feasibility, I always evaluate a firm’s diversity

How has digital criminality changed over the last few years, and how do you expect it to change in the coming years?
Digital crimes have evolved with technology. As more people adopt technology and connect to systems online, the pool of targets for bad actors also grows. The number of attacks and their sophistication have grown exponentially. Similarly, companies’ preparedness for attacks and understanding of existing threats has also evolved and improved. We are seeing more attacks to critical infrastructure (water treatment plants, pipelines, etc.), social engineering scams through IoT (Internet of Things) devices, and different versions of ransomware.

 

In North and South America, what cybercrime regulation has been enacted in the last year, and what more could be done by authorities?
There have been several initiatives and proposed regulations throughout Latin America, but there has not been a pure cybersecurity law enacted. Cybersecurity measures have been incorporated in proposed laws related mostly to data privacy (not cybersecurity per se) and some amendments to existing laws have been approved.

In the last year or so, Colombia and Peru have ratified the Budapest Convention, which is the first international treaty on crimes committed via the internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security. Similarly, many Latin American countries – namely Argentina, Chile, Colombia, Ecuador, Guatemala, Mexico, Panama, Paraguay, Peru and El Salvador – have signed the Paris Call for Trust and Security in Cyberspace.

 

What are the most common mistakes made by companies that prepare inadequately for digital crime?
The most common mistake is not to be prepared! Some companies are not aware of the risks, or believe that because of the nature or their business, they will not be targets. It’s worth noting that not having cybersecurity insurance is a common and potentially costly mistake.

 

You only very recently joined Microsoft. What attracted you to an in-house position?
I was not looking for a job or to go inhouse, but the opportunity came up for a role that perfectly fit my skills and interests. I’m not going to lie: I am really enjoying not having to bill hours!

 

When you hire external advisors, what do you look for?
Other than the obvious requirements to have expertise in the area and be economically feasible, I always evaluate a firm’s diversity. As a woman of color, I appreciate seeing where diverse attorneys are doing the work and getting credit for it.

 

What advice would you give to young lawyers wanting to specialise in digital criminality?
Network, seek out mentors, and remember your value.