Ransomware, a method of electronically attacking corporations and individuals by holding their data hostage, has gained massive popularity amongst hackers in the last several years. Ransomware is the first form of malware to present the threats of both the destruction of important data and the economic harm the loss of that data can create. Ransomware attacks will continue to increase in scope and severity in years to come, necessitating continuous vigilance.
In essence, ransomware acts by taking data that is of value to an entity but not deleting it. The ransomware acts as a figurative glass wall, allowing the owner of the data to physically possess that data but not access it. This is accomplished by implanting a virus on the owner’s hard drive, usually by means of an infected link in an email or other innocuous-looking document. Once the link is clicked, the ransomware works by encrypting the entire storage system. The hackers then threaten to destroy the data unless a ransom is paid.
2017 saw some of the worst ransomware attacks to date, escalating exponentially in size and gravity over previous years. According to a study by the Kaspersky Lab, over 479 million attacks occurred from online sources during the first quarter of 2017, up by over 250 percent from years past. These attacks ranged across countries and industries, and plagued corporations of all sizes.
To read the full text of this article by Duane Morris attorneys Anjali Kulkarni and Joseph M. Burton, please visit The Bar Association of San Francisco website.
Corporate America and companies around the globe are spending vast amounts of money trying to keep up with all sorts of threats in this new digital age. So, how are companies really doing?
Unfortunately, not so well. Indeed, according to PwC’s 2017 Digital IQ Survey, as reported by PR Daily, barely more than half of IT executives from the US and 52 other countries reported that their companies have a “strong digital IQ.” This is down from 67 percent so reporting in 2016, and 66 percent in 2015.
Most of us are aware that our personally identifiable information, like our credit card numbers, is at risk when retailers are hacked. However, there may be even greater risks. Indeed, the U.S. government has issued a recent warning about a hacking campaign targeting nuclear and energy sectors.
Duane Morris partner Joseph Burton was featured in a video on Bank Info Security on the impact of regulators involved in cybersecurity.
The Federal Trade Commission and the Federal Communications Commission are among U.S. regulators now starting to flex their muscles when it comes to enforcing cybersecurity standards, says Burton. What enforcement trends might we expect to see in 2017?
To view the video, please visit the Bank Info Security website.
The unprecedented cyberattack on October 21, 2016, which crippled many of the Internet’s most widely trafficked sites, should be a wakeup call for businesses about the potential for hackers to weaponize common Internet-enabled devices and cripple businesses.
The cyberattack was caused in part by malware directed to more than 10 million Internet-connected devices, including DVRs, thermostats and closed-circuit video cameras. It caused a distributed denial-of-service attack (i.e., service interruption) that hit in three waves. Dyn, an Internet services company that directs Internet traffic, reported that the attack hit all of its 18 data centers globally. Early reports show that the disruption may be responsible for up to $110 million in lost revenue and sales. Perhaps most troubling is that the group claiming responsibility said the attack is merely a dry run for much larger attacks.
Ransomware attacks are on the rise and expected to reach epidemic proportions. The most publicized attack took place this year at the Hollywood Presbyterian Medical Center when it was forced to declare an “internal emergency” after a ransomware attack locked down its systems. Businesses that are viewed as offering a combination of valuable data and weak security may be seen as attractive to attackers. Some attackers have strictly financial motivations while others may simply be in it for “the data.”
According to Cisco’s Midyear Cybersecurity Report, email and malicious advertising are the primary ways ransomware infiltrates a system. Businesses often pay the ransom but even when paid, files may be lost or altered in ways that could be devastating to the business.
Cisco reports that companies entering into M&A deals often do not conduct enough due diligence on the risk posture of the acquired business and realize their shortcomings after the deal is done, when it is too late to remediate problems or when it’s harder to do so because the networks are intertwined.
What can you do? Robust security is clearly the first step to prevent attacks and that begins with the creation of a comprehensive privacy and security roadmap that addresses high risk areas, compliance gaps and specific tactics for incident preparedness. It is important to involve experienced counsel at the outset to not only advise on the array of federal and state privacy and cybersecurity laws and help develop the policy but also to direct any security investigation so that consultants can report potential vulnerabilities to outside counsel to protect potentially negative findings from discovery in future litigation.
On September 7th, the Federal Trade Commission will begin its series of seminars on new and emerging technologies with a workshop on ransomware.
It seems like we constantly are hearing about Internet hacks and the stealing of personally identifiable information online. At this point, we use the Internet for so many positive aspects of our lives. Given that we inevitably are online, what are some steps that we can employ to keep our private information safe?
Here are just a few simple tips to keep in mind:
First, it is important to protect your credit card information. One way of doing this is to check and see that the website you are logging onto is secure. One thing to look for is whether the URL begins with HTTPS and not just HTTP. Also, it is important to log out of your customer accounts when you are done with transactions — especially financial transactions.
Duane Morris is pleased to announce that Joseph M. Burton of the firm’s San Francisco office will receive a Burton Award for Legal Achievement at a gala ceremony to be held June 15, 2015, at the Library of Congress in Washington, D.C. This honor is given to only 35 authors selected from entries from the nation’s top 1,000 most prestigious and largest law firms.
Hack attacks have been in the news for a while. But the most recent headlines seem to indicate that hackers are far outpacing security efforts to contain them.
In the last week, we have learned that a major health insurer was compromised, possibly exposing the data of 80 million health accounts. Data relating to medical patients is very sensitive, and the number 80 million is staggering in scope. And there have been indications that other health insurers might be vulnerable, meaning that 2015 could be the year of health insurance hacks.
On top of that, we just learned that “Anonymous” hackers have attacked the website of the President of the European Parliament. So, this tells us that not only is medical information unsafe, but government officials are not able to protect themselves from hackers.