
Cyber_Bytes - Issue 34

07 September 2021. Published by Richard Breavington, Partner and Daniel Guilfoyle, Partner and Ian Dinning, Senior Associate and Rachel Ford, Senior Associate and Christopher Ashton, Senior Associate and Bethan Griffiths, Senior Associate and Ridvan Canbilen, Associate

We hope you enjoy this latest edition of Cyber_Bytes, our bi-weekly roundup of key
developments in cyber, tech and evolving risks.

Cyber security professionals study analyses the effects of law enforcement involvement in ransomware attacks

A study by Talion, a branch of BAE Systems, has reported that 45% of cyber security professionals consider law enforcement involvement to detract from a speedy recovery from ransomware attacks. One reason suggested for this is that law enforcement mechanisms are viewed as insufficiently supportive, being more likely to tie up victims in legal red tape than to lend valuable expertise and assistance, particularly where payment of a ransom is being contemplated.

The #Ransomaware coalition suggests that introducing a clear legal framework for companies that fall victim to hackers might assist instead, and it aims to promote collaboration between organisations to mitigate the effects of ransomware attacks.


Cyber Insurance may become essential for small to midsized businesses

The COVID pandemic has been a key trigger behind the dramatic increase of remote working over the last year. It is no coincidence that 2020 also saw ransomware attacks rise in frequency by approximately 50%, in part as cyber criminals have taken advantage of the limited security remote working has to offer. Attacks of this kind have led to an estimated $4bn of losses in the last year, though predictions see this number rise to $28bn annually by 2027. In such a climate, where 45% of small to midsized businesses consider their cyber security levels ineffective and where 60% cease operations within 6 months of a data breach, an article by The Tech Register suggested cyber insurance may become a vital commodity in ensuring such companies don't meet this fate.


To combat modern and increasing cyber security threats we must create a Cyber Security Culture

For businesses that take online payments, the Payment Card Industry Data Security Standard (PCI DSS) requires various substantive security measures. With Hiscox identifying 43% of businesses being targeted by cyber criminals last year alone, the requirement to have extra measures in place seems sensible. In practice, however, it is concerning that 31% of respondents to a SentryBay poll regard PCI DSS as too complex to comply with effectively and 24% criticise the processes as contradictory.

More than half in the same poll admit their organisation is either non-compliant or has previously failed an assessment. It appears that a wider dialogue on organisational cyber security culture may be needed, along with more support and guidance provided to businesses wishing to take payments securely.


Cyber supply chain organisations suffer more significant implications to security threats

An article on the website Emerging Risks indicates that August's ransomware attack on software high-flyer Kaseya VSA has been considered the largest ever supply chain cyber-attack, affecting over 1,500 businesses' IT networks. This demonstrates the extent of the detrimental impact that improperly secured third parties can have on cyber supply chains. It is not simply hacking that must be catered for, however, as infrastructure failures can yield similar practical and reputational repercussions. Businesses should be aware of the effects that supply chain breaches can have in advance of any attack, so as to effectively mitigate the effects that may otherwise cause costly disputes with stakeholders, clients and insurers.


Vast majority of companies expect to fall foul of customer information breaches this year

Of those who responded to Trend Micro's report poll, 80% indicated that they expected to have their customers' information breached in the next 12 months. Part of the reason behind the rising predictions of data breaches is the shift in popularity from traditional to distributed networks that support the increased need for remote working but pose a more complex challenge for IT security. The result is that many organisations are fearful of their potential lack of ability to prevent or even detect cyber breaches and the effects these may have on their customers. Businesses will need to carefully consider whether they have adequate resources aimed at preventing and mitigating the results of attacks on their data stores, given the new ways of working.


Be prepared for an incoming wave of AI-targeting cyber-attacks

As the adoption of AI continues to accelerate, cyber-attacks manipulating AI systems are expected to follow a similar trend. An article by The Tech Register records that the AI industry is alarmingly unready for the wave of coming real-world attacks against AI systems, according to the CEO of security research firm, Adversa. With public perception of how trustworthy AI is having a large impact on further adoption, it is concerning that Adversa's research shows that every "machine learning" model in the top 60 most commonly used models in the industry is prone to at least one vulnerability.

Given the high stakes involved when asking the public to trust "what is essentially a black box", it will not be possible to "bolt security on" according to Oliver Rochford, a researcher and former Gartner analyst. In order for growth of AI to continue, these security concerns will need to be addressed.
