Organisations rely heavily on the integrity of their IT systems to store data and conduct routine business operations from payroll to dealing with supplies, orders, tax and inventory. Huge amounts of sensitive personal and commercial data are stored on corporate servers and protected by data privacy laws and complex security systems – at least in theory.
Attacks made for gain by clandestine operators on public and private companies have become increasingly common. Originally, malicious software (“malware”) was anticipated to be used by state agencies for attacks on enemies of the state, including other nations’ government departments and agencies. As a result of the conflict in Ukraine, this has moved higher in the list of acute concerns.
For obvious reasons, commercial organisations provide tempting targets. Their IT security could be breached by software available on the dark web, allowing clandestine operators to freeze or seize data. Indeed, not only does a cyberattack constitute a significant security risk, but it also poses a considerable financial cost. 2021 saw the highest average cost of a data breach in 17 years, rising from US$3.86 million to US$4.24 million on an annual basis (IBM Cost of a Data Breach Report 2021).
We spoke to Mark Pugh-Cook of RMPC Consulting Ltd, a retired army intelligence officer who uses his experience as a consultant in risk and crisis management, threat analysis, and business continuity planning. He warned that clandestine operators now present a triple threat: they can decrypt data and demand payment to ensure that data is not published online as well as threaten attacks on data owners. This is known as Ransomware as a Service (RaaS).
Ransomware attacks on the rise
Ransomware attacks are becoming increasingly common, with targets comprising commercial organisations, government agencies and individuals.
In May of last year, the US fuel network Colonial Pipeline was attacked and its ability to manage operations frozen. Within days and working together with the FBI, Colonial Pipeline met a ransom demand of over $4m. Software was provided by the attackers that permitted the computerised systems to restart gradually, and the FBI succeeded in recovering more than $2m of the ransom.
Further, early in July last year, US IT service provider Kaseya was attacked. The attack affected potentially hundreds of customers worldwide and tens of millions of dollars were demanded in ransom.
Later that month, reports of the Pegasus malware attacks brought home that these invasions of privacy and thefts of data can – and will – be targeted at individuals as well as at government and commercial organisations.
How businesses can prevent ransomware attacks
Clandestine operators can find a way in even through powerful and complicated computer systems. There are a couple of strategies that businesses can employ to reduce their vulnerabilities:
Run mock attacks
Various organisations run mock attacks, with or without the knowledge of their IT security specialists, with the aim of strengthening the integrity of their software and protections. These ‘simulation’ attacks help organisations to identify existing vulnerabilities in their cybersecurity infrastructure and address these weaknesses ahead of a real cyberattack.
Train employees for increased cyber-awareness
Raise cyber awareness among your organisation’s personnel to mitigate attacks where key employees are bribed or blackmailed. Training and counselling of staff is an important means to monitor these vulnerabilities. There are also occasions when key information is simply left in public or otherwise insecure through sheer inadvertence. Cyber awareness training for all staff, from the senior management team downwards, is an essential tool for putting up barriers to attack. Staff should be encouraged to report a possible breach as soon as possible, and to see IT security personnel as allies in how we protect ourselves from attack.
How to respond to cyberattacks: disaster recovery plans
The largest organisations have contingency plans and teams in place to react quickly to attacks on their IT systems and data. IT and security personnel, along with delegates from the C-suite, will be able to work closely and quickly to provide co-ordinated and pre-planned responses to minimise risk and disruption. Legal advisors will be called on to deal with the key legal points including:
- Advice on reaching decisions to mitigate risk or damage to services, reputation, customers and staff
- Collaboration with other commercial organisations including competitors
- Liaising with regulators, shareholders and financiers to keep relevant parties informed and gain support for key decisions
- Obtaining prompt advice on dealing in alternative currencies and respecting data protection and privacy rights
- Installing and operating back-up systems.
How to strengthen your business’ cybersecurity
Contact Mark Parkhouse, James Taylor, or your advisor if you would like to discuss implementing protection and contingency plans to deter attackers. Of course, if you suffer an attack, we suggest that you contact us or your usual legal advisors immediately, and bear in mind that privileged communications with external legal advisors can be an important part of the tactics deployed to preserve business continuity.
Mark Parkhouse, Insolvency Solicitor