A lawyer has weighed in on the threat of cyber-security breaches for businesses, with the new year period typically ripe for attacks.
Lander & Rogers partner Lisa Fitzgerald specialises in cyber security and has a firm grasp on just how damaging a breach can be for organisations.
Whilst COVID-19 has prompted many organisations to fast-track technology procurement to mobilise their workforces, bolster online presences and improve supply chain efficiency, Ms Fitzgerald noted there are still some areas where organisations are falling short.
“Technology ‘as a service’ is becoming increasingly common. However, legally binding digital contracts and instant-access systems and software mean the risk assessment undertaken by traditional procurement processes or legal advisers is often bypassed,” Ms Fitzgerald explained.
“With cloud, there is no waiting and no transfer of title that comes with hardware and our traditional concepts of ‘products’ and ‘goods’. If you have an internet connection, a range of cloud services are literally at your fingertips, at the click of a button or, more accurately, at the click of a click-through agreement.
“The safeguards of due diligence, comparing suppliers, negotiating terms and ensuring compatibility with other systems may be sacrificed leaving businesses exposed to risk that was previously managed within effective corporate governance structures.”
Unfortunately, Ms Fitzgerald said, human error remains a common problem when determining risks to cyber security. All too often individuals send emails to the wrong address or attach an unencrypted file containing personal, sensitive and/confidential information.
“In electronic format, that information is easily copied and distributed, and deletion of the file is essentially based on an honour system,” she explained.
“Ransomware-as-a-service (RaaS) is the most concerning cyberthreat. Like other ‘as-a-service’ models, it is an enabler. It is subscription-based and allows even ‘beginner’ cybercriminals to launch attacks expediently.
“In essence, it involves cyber threat actors working together – one identifying the target and data, the other supplying the malware and an intermediary collecting the ransom and splitting the proceeds between them. It is often referred to as a malicious franchise. Another description is ‘acting in concert’ or ‘joint criminal enterprise’.”
Ultimately the time is now to act on implementing effective cyber security measures, according to Ms Fitzgerald, who noted the festive season and new year period are traditionally times of year that are attractive to cyber criminals.
“Cyber criminals can attack at any time, but their impact will be greater if they catch businesses off-guard or when the stakes are high,” she said.
“Cyber criminals are not just dark web junkies – they are sophisticated and business savvy. They target times of year that provide the greatest leverage.
"It’s the perfect time to strike and make demands,” she concluded.
Emma Ryan is the deputy head of editorial at Momentum Media.
Emma has worked for Momentum Media since 2015, and has since been responsible for breaking some of the biggest stories in corporate Australia, including across the legal, mortgages, real estate and wealth industries. In addition, Emma has launched several additional sub-brands and events, driven by a passion to deliver quality and timely content to audiences through multiple platforms.
Email Emma on: [email protected]