Cyber attacks and Civil Litigation

Posted by Emma Klieve

Brabners

Thu 27th, Jul

Over recent years, there has been an increase in the number of cyber-attacks with an aim of obtaining sensitive data. Previously this data was obtained through hacking, as in the 2015 attacks on the website Ashley Madison and network provider Talk Talk. However in 2017, the preferred method appears to be through the use of ransomware with the purpose of causing significant disruption and eliciting funds.

In May, a ransomware attack on the NHS demanded payment of $300, in cryptocurrency Bitcoin, in order to receive a decryption code and regain access to their own encrypted files. This attack was part of a global ransomware attack using malware called “WannaCry”, which infected systems by utilising phishing techniques to trick recipients into opening email attachments and exploiting a flaw in Windows software. This vulnerability in certain versions of the software had been identified by the National Security Agency (NSA) and was exposed to distributors of the ransomware through stolen resources. One month later, there was another ransomware attack on some of the largest companies in the world, this time the malware used was similar to “Petya”. In many cases, the ransom amount increased every hour if a user refused to pay. However, cyber security firms advise victims not to pay the ransom due to fears it could encourage further attacks and that there is no guarantee that all files will be returned intact.

As a result of the attacks, several members of the American House and Senate introduced a bipartisan Bill titled “the Protecting Our Ability to Counter Hacking (PATCH) Act” in America. The PATCH Act would create an interagency review board that will assess the vulnerabilities discovered by government agencies to determine when the government will retain the information and when warnings should be provided about the potential vulnerability of the system. In an increasingly-connected world, the passing of the Bill would require the government to at least consider the exposing of flaws. This reporting of vulnerabilities may reduce opportunities for cyber-attacks in the future by reducing the weaknesses in the software.

There is the potential for victims of cyber-attacks to become exposed to litigation following an attack, especially with the EU’s General Data Protection Regulation (GDPR) introducing tougher penalties for businesses where there has been a breach of data privacy. The significant disruption caused by these global attacks serve as a reminder of the requirement to take appropriate measures to protect their systems and ensure continuity of business. Businesses should also ensure that they have adequate insurance cover to protect them in the event of a cyber-attack.

Leave a comment

Comments...

Posted by Alexandr Lukin

"We are seeing dramatic growth in our viewership every month, including in cricket. hotstar tv movies

Post a comment