Cyber Attacks: Trends to Watch For

Cyber-crime is experiencing a golden era, and it's not just remote working or digital transformation that is to blame. Cyber-criminals can inflict large-scale damage on companies without ever setting foot in them.

We are seeing a lot of activity in the ransomware, phishing and extortion spaces at the moment. It is no longer just about fraud and theft.

Most recently, double and even triple extortion have become the crimes of choice. Double extortion is where cyber-criminals exfiltrate a victim's data in addition to encrypting it. Triple extortion goes a step further: criminals approach a victim's customers or suppliers and demand a ransom by issuing data leak threats.

Cyber-crime is a business and the safe haven problem for criminals is a key challenge.

In practice, we see significant advantages for clients who have resilient cyber security postures and who cooperate closely with law enforcement, as police agencies, including the Gardaí, have access to global policing intelligence that can help.

For instance, in a case Matheson recently advised upon, we received very helpful code from the Gardaí, which they in turn had obtained from the FBI, that helped our client to disrupt a cyber-attack. In this case, it helped enormously that our client had a well-practiced incident response plan and was quickly able to identify key security information in the hours after the attack was confirmed.

Recent law enforcement successes

The amount the FBI managed to retrieve ($2.3m) of a reported $4.4m ransom payment in the Colonial Pipeline breach in June 2021

The number of global cyber-attacks in 2021

Initial steps in the wake of a cyber-attack

In the heat of the first hours of a cyber-attack, all eyes are on business continuity and shutting down cyber-criminals' access to compromised systems. This task is extremely challenging when businesses are locked out of their own systems. Pair this reality with time sensitive notifications to affected individuals and legal authorities, and you have the perfect storm.

Key risk factor

The human factor is a key weakness for any business that trusts people to manage its data. The majority of cyber-attacks we advise on are triggered by an employee clicking on a malicious email. Thanks to remote working and digital transformation, attack surfaces have increased and are a honey pot just waiting to be ravaged by cyber-criminals.

An evolving insurance market

Geopolitical factors such as Russia's invasion of Ukraine have driven some players in the cyber insurance market to exclude state-backed cyber-attacks from cover on the basis that they are an act of war.

Late last year, pharma group Merck succeeded in a US court claim that a war exclusion should not be applied to its losses in the 2017 NotPetya malware attack. Russia and its government were blamed for the NotPetya attack that scrambled data from the computer systems of companies in more than 60 countries.

So, the lesson here is to read the small print in cyber insurance policies carefully and ask yourself if you can live with the exclusions based on your organisation's cyber risk profile.

If you do one thing to prepare for a cyber-attack, what would it be?

An unannounced, lights out, simulated cyber-attack.

There is nothing like a simulated cyber-attack to help business leaders experience the impact of what it means to lose control of an organisation's most precious asset - its data.

In addition to reviewing our cyber security resilience, what else can we do in advance to prepare?

  • Understand the stakeholders you need to notify and whether any time limits apply. The Data Protection Commission, the Gardaí, sector-specific regulators such as the Central Bank and commercial partners are likely to be on the list.
  • Know what data your business holds, where it is stored, who has access to it and what security controls are in place to protect it.
  • Identify swim lanes in advance and ensure that the response team knows their role, duties and responsibilities ahead of time.
  • Talk to all external advisors in advance and involve them in your unannounced simulated cyber-attack.

"We find that clear and timely communication with stakeholders is key to restoring trust and confidence in the victim organisation in the wake of a cyber-attack. Stakeholders including the Data Protection Commission and the Gardaí understand that organisations are the victim of a serious crime – what really matters is how an organisation responds to a cyber-attack."

Deirdre Crowley, Technology and Innovation Partner, Matheson LLP