Of all the scenes in James Cameron’s sci-fi film “Terminator 2,” there’s one in particular we’d like acted out in real life. The one where young John Connor uses a high-tech device to steal money from an ATM.
Free cash being dispensed at your local bank branch as in “Terminator 2” may be science fiction, but ATM hacks are really happening.
This week, a security company claims it uncovered an “unprecedented” number of cyber-attacks on a reported 100 banks, reports the BBC.
The security company, the Russian firm Kaspersky Lab, claims that hackers first accessed the banks’ networks by sending spam/spoof emails to staff, then manipulated ATMs to dispense stolen money.
Europol director Rob Wainwright told the BBC the agency had “issued warnings and intelligence to national law enforcement authorities and European banks through the European Banking Federation.”
“Reported infections in the EU are unconfirmed at this stage, although we are continuing to work actively on the matter.”
Largely out of the limelight, this attack was patient and planned. News sources are trying not to rattle the money market, but the attack was certainly one point for theft, zero for the economy.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” one of Kaspersky’s directors told the New York Times.
Corporate data security risks are only getting more frequent and more severe. In fact, the news is full of stories about major organizations (Sony, Target, Google, eBay, Westinghouse, Home Depot, Neiman Marcus) being hacked, with the perpetrators stealing the financial and personal information of clients, customers and others.
While the malicious reason for an attack may not be apparent, one thing is clear: counsel must understand that traditional network security approaches are no longer enough.
Attackers are getting more and more sophisticated and organizations (including law firms) must prepare as if a data breach is imminent. Because it is!
A survey by the Ponemon Institute reports the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6 million per company in 2014. The annual average cost per company of successful cyber attacks increased to $20.8 million in financial services, $14.5 million in the technology sector, and $12.7 million in communications industries.
And PricewaterhouseCoopers found that this year is expected to see 42.8 million cyber-attacks, roughly 117,339 attacks each day, after cyber-attacks skyrocketed in 2014 by 48 percent from 2013.
It’s difficult to prevent cyber-attacks. Your law firm must get involved in prevention: developing good policies and practices to stop an attack once it occurs, practicing mock breaches with your employees, and creating a public relations plan for your clients in the event your firm falls victim.
The threat may still seem like fiction for your firm, but it is already fact for others.
Try your best to avoid cyber-attacks by attending The Center for Competitive Management’s comprehensive webinar, “Mitigating a Data Breach: Proactively Planning For and Responding To a Cyber Attack,” Thursday, February 26, 2015, from 2PM to 3:15PM EST.
It explores real world data breach scenarios, practical tips for how to proactively plan and respond to a breach, discussion of regulatory enforcement activity and practical advice on:
- Proactive measures to ensure that you (and your clients) are ready in the event that a data breach occurs
- The kind of incident response plan that should be in place after a breach
- What to include in the plan and how to execute it
- How to apply the right blend of legal and IT responsibilities
- Appropriate breach reporting to state attorneys general, insurance carriers, customers, etc.
- The type of crisis experts you must have on file before a breach occurs
- Best practices for company response to lawsuits and investigations that often follow a breach
- Brief overview of laws and regulations applicable to personally identifiable information – GLBA, HIPAA, State Laws on information security.