Addressing a cyber attack
As National Cyber Security Awareness Month draws to a close, the Data Security and Privacy Litigation team at Honigman reminds you that cyber attacks continue to proliferate. The number of attacks continues to grow, including a sharp increase in “ransomware,” where data is encrypted by a hacker until the victim agrees to pay a ransom to obtain the encryption key. The statistics in this area show the growing scope of cybersecurity issues:
- In 2015, over 150 million personal records were exposed, stemming from over 700 publicized breaches across the financial, business, education, government, and healthcare sectors (unpublicized or undiscovered breaches likely mean that millions more records were also exposed).
- In 2016, there have been nearly 800 breaches, with almost 30 million records exposed.
- The cost to companies to deal with data breaches continues to increase, with estimates of over $150 per lost or stolen record.
- The significant majority of cyber attacks now involve phishing (attempts to gather passwords or other login information) and hacking techniques.
- Ransomware attacks grew by over a third last year.
- The risks are not entirely external – nearly three-fourths of information security officers are concerned about employees stealing sensitive company information.
- Fewer than 4 in 10 global organizations claim they are prepared to handle a sophisticated cyber attack.
- Nearly 30% of recipients of phishing attacks opened the malicious attachment.
Steps to Take to Help Address a Cyber Attack on Your Business:
- Have a plan in place. The worst time to try to develop an effective data breach response plan is in the midst of responding to a data breach. Developing an effective plan and testing it will allow your organization to respond to a data breach in an organized fashion that maximizes your chances of successful remediation.
- Follow the plan. All too often, when faced with a data breach, organizations fail to follow the plans they have in place, resulting in steps being skipped, and legal risks being unnecessarily created.
- Train your employees. Vigilance is key. Not only must you inform your employees of your organization’s plan to counter a cyber attack, but you should also train them to spot phishing attempts and other suspicious activity. Emails with unusual attachments, or emails asking you to provide a password to unlock a file, may be part of a phishing attack.
- Don’t try to handle a breach yourself. As cyber threats grow, not only in number but in sophistication, the need for early involvement of experienced counsel (both legal and technical) is greater than ever. The initial responses to a threat can affect the outcome for your organization, and having experienced counsel involved early in the process can help guide those responses.
For help with these or any other data security matters, please contact one of our Data Security and Privacy Litigation attorneys.
The various statistical information identified here can be found at the following locations: idtheftcenter.org, 03.ibm.com, msisac.cisecurity.org, symantec.com, nationalcybersecurityinstitute.org, and isaca.org.