Even though ransomware attacks dominate cyber law headlines, businesses should still guard against simple attacks
Successful ransomware attacks have increased considerably in prevalence with the advent of remote working, with such attacks making up the majority of cybersecurity incidents over 2020 and 2021. However, they’re not the only cyber attacks businesses should be concerned about, cyber law experts warn.
“Business email compromise is still a significant threat for businesses, leading to invoicing fraud. We tend to see this pick-up in volume during busy times of the year, where targets are more likely to click through without questioning, say, a phishing email,” said Kieran Doyle, who leads the cyber team at Wotton + Kearney.
He points out that while phishing attacks are simple, they are also very effective; thus, businesses need to watch out and prepare for them. MinterEllison partner Paul Kallenbach echoes this sentiment, noting that as per MinterEllison’s Perspectives on Cyber Risk 2021 report, phishing remains the most common method by which cyber attackers try to obtain company data.
And it’s not just companies that need to be careful – while the adoption of tech has been hugely beneficial to the profession, law firms also need to be mindful of cyber threats, as recent ransomware attacks against global firms have demonstrated.
“Ransomware has increased in prevalence during the last 18 months – attacks against big and small businesses. You could say that this is the second pandemic of the last 18 months, which the government and opposition are now looking to address,” Doyle said.
In particular, ransomware with exfiltration capability has posed challenges for organisations everywhere.
“The threshold issue of whether to pay the ransom is challenging enough without the overlayed complexity of potentially stolen personal information,” Kallenbach said.