ThommessenFlow Find people
Legal developments

Cybersecurity Update September 2022

Getty Images 1322201810

Compared to the amount of cyber related incidents in 2021, it has been a relatively quiet summer with respect to high profile ransomware-cases. Yet, our network of cyber experts observe an increased activity in certain areas.

News of ransomware attacks are ongoingly present in the media - the latest example of which is the ransomware attack against the Italian energy industry, for which a hacker group with links to Russia has claimed responsibility (link to Bloomberg article here). Further, statistics indicate a decline in the willingness of organisations to pay in the event of ransomware attacks, as well as a decline in the median ransom payment amount (link to report here).

What’s happening below the surface?

While things seem relatively calm on the surface, our network of experts observe an increased activity by ransomware and information stealer organisations using malware which appropriates valuable information, so-called "Stealer-as-a-Service". They also see an uptick in the amount of information brokers coming onto the market, including the re-emergence of web-based information broker forums, such as “Breached”, in the aftermath of the FBI and international law enforcements agencies’ shut down of “RaidForums”. These information brokers sell login credentials, company sensitive data, such as financial and intellectual property information, and extensive information about employees and their use of IT systems, the latter being used to replicate behavioural patterns in order to increase the success of future ‘phishing’ and cyber-attacks. While much of the collected and brokered data might be less legally relevant information in isolation, it’s value for the criminal networks lies in the aggregation of unprecedented data volumes. It is expected that the amount of ransomware cases, where the content and value of the stolen data will be crucial, will increase in the near future.

Adopting an assumed compromise approach

While increasingly a trend over the past few years, preventive cybersecurity measures have shifted towards an "assumed compromise" posture – a security approach that recognises the limitations of technical security measures and focuses on testing what damage attackers can do once they have managed to access your systems and network environment; even from an account with limited access . As such, from a regulatory, contractual and insurance policy point of view, organisations must demonstrate a high degree of preparedness against assumed compromise, which necessitates demonstrable legal legwork to mitigate damage and losses. This underlines the need for appropriate documentation, incident response plans and training, as well as an overview of regulatory and contractual obligations that may materialise both before and upon the occurrence of an attack.

Our legal services are developed in close collaboration with security experts and tailored to help you test your assumed compromise-preparedness with the right insights and the right legal and technical tools to do it.

Contact persons