INDEPTH FEATURE
Cyber Security & Risk Management 2023
April 2023 | RISK MANAGEMENT
financierworldwide.com
Every day, companies face a litany of cyber-related threats – from malicious external actors to negligent employees to vulnerable third parties. Threat vectors continue to evolve, becoming ever more sophisticated. Ransomware, phishing and social engineering are among the most common methods employed by cyber criminals, and companies must be on high alert if they wish to repel them. Thankfully, many boards and C-suites are alive to these challenges. Awareness of cyber risk is growing and thus greater resources are being diverted to improving defences. The role of the chief information security officer has been elevated. Use of cyber insurance is on the rise.
UNITED STATES
Hogan Lovells US LLP
“Today’s major cyber threats include ransomware and extortionware, cloud-focused attacks and the evolving threat of how new technologies and targets can be used by attackers. Attackers have evolved from historical encryption ransomware to either a ‘double extortion’ threat of also holding data hostage or skipping encryption and solely threatening to release data if extortion demands go unpaid. As many small and medium-sized enterprises (SMEs) continue to transition to cloud and software as a service (SaaS) offerings, these organisations often fail to appreciate the need to securely set up the offerings.”
CANADA
Norton Rose Fulbright
“Human error remains the primary vulnerability. Despite strong technical safeguards that an organisation may have implemented, we continue to see users as a vulnerability to major cyber threats. Common examples include clicking on malicious links, not following company policies by setting weak or reused passwords, removing data from designated protected locations, failing to verify suspicious requests before carrying out their instructions and so on. Human error opens up the floodgates to lurking threats ranging from malware designed to encrypt systems across the enterprise to social engineering tactics that trick users into divulging funds or sensitive information.”
UNITED KINGDOM
Ankura Consulting Group, LLC
“Ransomware remains the top threat to organisations in the UK. Indeed, we saw a resurgence of ransomware in Q1 2023. Attackers not only continue to encrypt valuable data and demand ransom payments for unlocking the data, they are also extorting victims to avoid publishing stolen data in the public domain – so-called ‘double extortion’. Phishing and social engineering remains another top threat due to the increased sophistication of the malicious campaigns that these threat actors use to trick users to divulge sensitive information or install malware.”
FRANCE
Gibson Dunn & Crutcher LLP
“Many companies are regularly subjected to phishing attacks targeting their employees with emails containing fraudulent links designed to convince the recipient that the sender is a trusted business partner or client in order to make that recipient click malicious links, communicate sensitive information, provide access to the company’s network and so on. These attacks are becoming increasingly sophisticated and powered by accurate information, making it more likely that employees will fall victim to such an attack. Another major threat is ransomware.”
SPAIN
Aon Spain
“The main threats companies face today are those they are least prepared for. It is pointless having an elevated level of security for part of the risk if companies leave the door open for another. As we know, 100 percent protection is impossible. There is currently a lot of talk about ransomware as it has been the main attack vector in recent years and the trigger for companies becoming more aware and concerned about the risks related to the use of technologies. We must not forget that one of the main ways of accessing a company is through its employees. Here, protection largely depends on a trust-based decision and not on a physical and objective protection measure.”
ITALY
Hogan Lovells
“European Union Agency for Cybersecurity (ENISA) reports show that 59 percent of notified incidents have been caused by system failures, whereas 29 percent were caused by malicious attacks. Often, vulnerabilities are hidden in the supply chain. A common mistake is underestimating the assessment and contract negotiation process during the procurement phase, especially when relying on a supplier for information and communications technology (ICT) or critical functionalities, or when multiple processes are concentrated in one supplier.”
SINGAPORE
Norton Rose Fulbright (Asia) LLP
“Ransomware is one of the riskiest cyber threats companies face today. With the rise of ransomware and prevalence of cryptocurrency, threat actors have found a way to monetise cyber attacks, thereby creating a financial imperative. The vast sums of money involved have also led threat actor groups to become more specialised and advanced, as we see these groups using increasingly sophisticated tools and techniques in their attacks. These groups are also believed to operate with tacit approval or even at the behest of certain states, often sharing intelligence and information with state intelligence agencies, placing them out of reach of traditional law enforcement efforts to combat transnational crime.”
SOUTH AFRICA
CMS RM Partners Inc
“There has been a rise in companies being targeted by cyber criminals through ransomware, business email compromise (BEC) and phishing attacks. With ransomware attacks, cyber criminals prevent or limit a company from accessing its systems by infiltrating its computer networks and encrypting files. The cyber criminal then demands a ransom payment to reinstate the company’s access to its systems. BEC scams are typically orchestrated through email messages that appear to emanate from known sources making legitimate requests, whereas the source is likely a cyber criminal.”
CONTRIBUTORS
Ankura Consulting Group, LLC
Aon Spain
CMS RM Partners Inc
Gibson Dunn & Crutcher LLP
Hogan Lovells
Norton Rose Fulbright