Law firm partner flags new year cyber-security risks
A partner at Lander & Rogers has weighed in on the threat of cyber-security breaches, with the new year period typically ripe for attacks.
Lander & Rogers partner Lisa Fitzgerald specialises in cyber security and has a firm grasp on just how damaging a breach can be for organisations.
“Technology ‘as a service’ is becoming increasingly common. However, legally binding digital contracts and instant-access systems and software mean the risk assessment undertaken by traditional procurement processes or legal advisers is often bypassed,” Ms Fitzgerald explained.
“With cloud, there is no waiting and no transfer of title that comes with hardware and our traditional concepts of ‘products’ and ‘goods’. If you have an internet connection, a range of cloud services are literally at your fingertips, at the click of a button or, more accurately, at the click of a click-through agreement.
“The safeguards of due diligence, comparing suppliers, negotiating terms and ensuring compatibility with other systems may be sacrificed leaving businesses exposed to risk that was previously managed within effective corporate governance structures.”
Unfortunately, Ms Fitzgerald said, human error remains a common problem when determining risks to cyber security. All too often individuals send emails to the wrong address or attach an unencrypted file containing personal, sensitive and/confidential information.
“In electronic format, that information is easily copied and distributed, and deletion of the file is essentially based on an honour system,” she explained.
“Ransomware-as-a-service (RaaS) is the most concerning cyberthreat. Like other ‘as-a-service’ models, it is an enabler. It is subscription-based and allows even ‘beginner’ cybercriminals to launch attacks expediently.
“In essence, it involves cyber threat actors working together – one identifying the target and data, the other supplying the malware and an intermediary collecting the ransom and splitting the proceeds between them. It is often referred to as a malicious franchise. Another description is ‘acting in concert’ or ‘joint criminal enterprise’.”
Ultimately the time is now to act on implementing effective cyber security measures, according to Ms Fitzgerald, who noted the festive season and new year period are traditionally times of year that are attractive to cyber criminals.
“Cyber criminals can attack at any time, but their impact will be greater if they catch businesses off-guard or when the stakes are high,” she said.
“Cyber criminals are not just dark web junkies – they are sophisticated and business savvy. They target times of year that provide the greatest leverage.
“For retail and online business, Christmas, Boxing Day and the early New Year are periods ripe for retail attack. No one wants to be brought to their knees during the biggest sales period of the year. It’s the perfect time to strike and make demands.”
Emma Musgrave
Emma Musgrave (née Ryan) is the managing editor, professional services at Momentum Media.
Emma has worked for Momentum Media since 2015, including five years spent as the editor of the company's legal brand - Lawyers Weekly. Throughout her time at Momentum, she has been responsible for breaking some of the biggest stories in corporate Australia. In addition, she has produced exclusive multimedia and event content related to the company's respective brands and audiences.
Prior to joining Momentum Media, Emma worked in breakfast radio, delivering news to the Central West region of NSW, before taking on a radio journalist role at Southern Cross Austereo, based in Townsville, North Queensland.
She holds a Bachelor of Communications (Journalism) degree from Charles Sturt University.
Email Emma on: