Cyber attacks are inevitable, so a focus on resilience is vital - James McGachie
A ransomware attack involves the deployment of malicious software, or malware, designed to deny a user or organisation access to files on their devices. By encrypting these files and demanding a ransom payment for the decryption key, organisations are left with a stark decision which may give rise to tension between business, ethical and legal risks.
A September 2023 White Paper by the National Cyber Security Centre and National Crime Agency highlighted the evolution and adaptation of criminal gangs to survive what was described as “a climate of heightened pressure from government and law enforcement agencies”. A plethora of organisations have reported attacks in recent weeks, and research from global cybersecurity company Secureworks indicates that in more than 50 per cent of its incident response engagements, hackers managed to execute their malware within just 24 hours of breaking into the victim’s computer network.
With Microsoft’s 2023 Digital Defence Report showing a 200 per cent rise in human-operated ransomware attacks, an indication that 80-90 per cent of such attacks have their origins in unmanaged devices – for example, through “Bring Your Own Device” policies in the workplace – and the cost of cybercrime anticipated to hit a staggering $10.5 trillion by 2025, the importance of cyber resilience is brought into sharp focus.
A September 2023 cyber seminar hosted by DLA Piper, with input from Nortal, brought together multiple sectors to consider current challenges and solutions, emphasising the need for robust resilience on the part of all businesses. The ability of an organisation to protect, detect, respond to, and recover from cyberattacks will contribute to its preparedness, which is particularly relevant where personal data has been compromised by a malicious actor. The first step in building cyber resilience is consideration of a pragmatic “when, not if” approach to ensure development, and regular rehearsal, of a thorough cybersecurity policy supported by guidance from advisors with forensic, legal, and public relations expertise. Craig Kennedy, Head of Cyber Risk at Nortal, said:
“All too often, the impact of cyber disruption is compounded by an ineffective response to the crisis. This can materially exacerbate the legal, regulatory and operational consequences of a cyber attack, and cause significant reputational damage. The best prepared businesses will invest in proactive cyber resilience ahead of time to ensure that a swift and effective response can be mobilised to mitigate any cyber threats encountered. Failing to prepare is preparing to fail, as no business could reasonably expect to successfully manage the plethora of issues that inevitably flow out of a cyber crisis without prior planning.”
Such steps are increasingly viewed as essential by regulators, insurers and customers, and in the private equity world cyber assurance is considered a key component of any due diligence exercise.
The inevitability of cyberattacks means that focusing on cyber resilience is imperative. Investing time and resources in cybersecurity will generate valuable returns in minimising the risk of a successful attack, and in mitigating the commercial consequences when an incident does occur. Regular dissemination of, and familiarisation with, incident response policies and procedures, including tabletop “fire drills”, is critical. Rehearsal of key decision making – including posture with regard to ransom payment – long in advance of an incident ensures the best possible response, providing a thorough rationale that can be exhibited to relevant stakeholders to justify particular decisions. Being able to demonstrate preparedness where such incidents do arise is essential in the current climate.
James McGachie is a legal director, DLA Piper