Businesses hiring in-house attorneys and compliance officers need candidates who can do more than simply understand, interpret and implement specific industry laws and regulations; those candidates also need to be prepared to meet today’s cyber-security challenges head-on. Cyber threats impact more than just the IT department; legal and compliance staffers play key roles in prevention, training and handling any potential fallout that can come with a breach or attack.
Looking back at 2017, businesses across industry lines were impacted by costly information security incidents. Here are four of the costliest attacks, and how they could have been prevented:
WannaCry Ransomware Attack
The WannaCry attack, which spread across the globe affecting computer users in more than 100 countries within 24 hours, was damaging and costly – to the tune of approximately $4 billion.
The attackers behind WannaCry sought to exploit a Microsoft Windows security vulnerability that Microsoft had identified and patched already. However, the
Having legal and compliance staff who could work closely with IT to verify users had installed the Microsoft patch right away could have limited the extent of the WannaCry attack.
Equifax Data Breach
The news over the summer that credit monitoring giant Equifax had experienced a massive data breach was a shock and a wake-up call to other businesses. An estimated 143 million consumers were affected, scrambling to deal with the news that their Social Security numbers, birth dates, addresses and even details like driver’s license numbers had been compromised and were potentially in the hands of
Knowing the agency that was supposed to be guarding personal information was impacted by attackers should be a wake-up call for all businesses. While there is no guarantee that having more or different legal and compliance personnel on staff would have helped, it’s obvious that there was some sort of breakdown in policies and process that allowed the breach to occur. Hiring skilled legal and compliance staffers to interface with skilled IT professionals could help protect your business from being the next data breach news story.
Petya/NotPetya Ransomware Attack
Similar to the WannaCry virus, the Petya/NotPetya attack had a catastrophic impact on the businesses it affected, including FedEx and Maersk, who both estimated their lost earnings from the attack at a whopping $300 million.
The methodology behind this ransomware attack was similar to the WannaCry attack. Once the virus was on a user’s computer, it encrypted all of the user’s data, demanding payment before
Washington State University Hard Drive Theft
Finally, a different sort of attack impacted Washington State University when an unencrypted hard drive that included personal information for about 1 million people was stolen.
While the first three attacks listed in this article were made possible by technology vulnerabilities, the Washington State University breach occurred because the
Legal and compliance personnel usually play key roles in handling required state and federal government notifications, as well as notifying affected customers after data has been compromised. Because it’s impossible to completely prevent the loss or theft of hardware, having the right personnel on your team who can coordinate and handle required notifications can provide peace of mind knowing you’re meeting your obligations under the law.
Need Legal and Compliance Cybersecurity?
For an employer creating or adding to an existing internal legal or compliance department, understanding the risks of
If your company needs