INDEPTH FEATURE

Cyber Security & Risk Management 2022

March 2022  |  RISK MANAGEMENT

financierworldwide.com

Click cover to download

(Subscriber-only password access)

 

Not a subscriber?

Click here to join the FREE mailing list and receive password access

The frequency and severity of cyber attacks have steadily intensified in recent years. Boosted by increasingly sophisticated tactics and the use of cutting-edge technology, malicious actors have prospered. In addition to the threats posed by cyber criminals, companies also face regulatory challenges. Maintaining compliance in a landscape where there is no universal standard across jurisdictions for data privacy and protection requires multinational companies to remain nimble. The process can be expensive and time consuming.

 

UNITED STATES

Guidehouse

“From a risk impact perspective, the environment remains the same, but the frequency of attacks has increased dramatically. Cyber criminals are still using phishing, ransomware and watering hole attacks to compromise their victims. The lack of patching, insecure IT platform configurations and untrained personnel continue to leave organisations’ cyber attack surfaces vulnerable to cyber criminals. Just as cyber defenders are leveraging artificial intelligence (AI) and machine learning (ML) to improve cyber security defences and detect malicious behaviour quickly, cyber criminals are using AI and ML to create more sophisticated cyber attacks while avoiding detection.”

 

CANADA

Norton Rose Fulbright Canada LLP

“Over the last two years, we have seen a significant change in the cyber landscape, both in Canada and globally. Following the sudden shift to working remotely in March 2020, many organisations had to implement new solutions and technology as quickly as possible. The increase in the number of cyber incidents seen in 2020 was not a temporary effect while organisations adjusted to a new work environment; instead, it has become a trend that has stabilised across Canada. In early 2022, we saw an increase in business email compromises where entire mailboxes have been synced to an external device.”

 

UNITED KINGDOM

S-RM

“Although the objectives of cyber criminals have remained constant – maximising profits while minimising efforts – cyber attacks over the previous 12-18 months have exemplified the increasing levels of sophistication among criminal gangs. Ransomware operators, who continue to pose the most prominent risks to organisations, have added new weapons to their arsenals to enhance the likelihood of receiving a payout. Tactics include leveraging double encryption attacks, in which victims’ data is encrypted with two or more, rather than a single, ransomware strains.”

 

FRANCE

Gibson, Dunn & Crutcher LLP

“The most important cyber risk that companies face today is ransomware attack. This risk is even more acute with the increasing use of mobile and personal devices by employees, and the availability of tools, kits and structures to carry out ransomware attacks. This trend has been reinforced by remote working practices which many organisations have had to rely on during the coronavirus (COVID-19) pandemic. As remote working has become more widespread, companies have been exposed to increased numbers of security threats deriving from remote worker endpoints and cloud jacking.”

 

BELGIUM

Gibson, Dunn & Crutcher LLP

“Companies continue to be exposed to traditional cyber threat attacks, such as phishing, ransomware, malware and insider threats. Approximately one third of successful cyber attacks involve phishing, and phishing is instrumental in two thirds of all cyber attacks. Phishing attacks are likely to continue as people increase their online presence, and the social engineering employed to steal user credentials becomes more elaborate. Cyber attackers are also developing sophisticated phishing attempts launched through cloud applications, which have higher trust levels from users and are therefore more effective.”

 

SPAIN

Aon Risk Solutions

“The current cyber risk environment is tremendously challenging. Digitalisation and digital transformation has accelerated during the coronavirus (COVID-19) pandemic, so companies are now even more dependent on software and data than before. The pandemic has allowed cyber criminals to increase their attacks against corporations worldwide. In Spain, cyber attacks increased 125 percent in 2021 compared to 2020. Criminals have taken advantage of new critical vulnerabilities, such as ‘Log4J’, to increase the number and impact of attacks. But the greatest risk has been, and continues to be, ransomware. In the first half of 2021, the number of ransomware attacks surpassed the number recorded in all of 2020.”

 

HONG KONG

Protiviti Hong Kong Co Limited

“The cyber risk environment in Hong Kong has been getting more dangerous over the past 12 to 18 months. Like the rest of the world, Hong Kong is seeing a significant increase in phishing and ransomware attacks. This increase is likely a result of the sudden need for remote working in response to the coronavirus (COVID-19) pandemic. Since February 2020, the working arrangements for many people have changed. Many individuals who were never required to use laptops or VPNs are now using them daily.”

CONTRIBUTORS

Aon Risk Solutions

Gibson, Dunn & Crutcher LLP

Guidehouse

Norton Rose Fulbright Canada LLP

Protiviti Hong Kong Co Limited

S-RM

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.