I share a real story about a cyber attack I dealt with last year during Christmas, hopefully giving some useful information on how to deal with cyber risks during the holiday season.
A real story: A cyber attack at Christmas
A few days before last Xmas, my phone rang as I sipped on my beer and reminisced with old friends at a pub. It was my criminal law partner, and he had urgent news.
One of our retail clients had just suffered a devastating ransomware attack, crippling their operations during the busiest time of year. Without hesitation, we sprang into action. In just 20 minutes, we were on a call with the client’s head of compliance, and within an hour we had assembled a team to handle the crisis.
For the next six months, we worked tirelessly to negotiate the payment of the ransom with the threat actors, advise our client on regulatory actions in over 40 jurisdictions, and protect their reputation. It was a frenzied, challenging, and unforgettable Christmas season.
The rise of cyber risk during the holiday period
As the holiday season approaches, businesses must be on high alert for cyber threats. The chaos and distractions of the season can make employees more vulnerable to cyber attacks, and with 95% of cyber attacks being caused by human error, it’s important to stay vigilant.
One of the biggest risks during the holiday season is the increase in phishing scams, which can lead to malware being downloaded onto victims’ computers and potentially allow threat actors to launch ransomware attacks. Public Wi-Fi networks, which are often unsecured, can also pose a risk to sensitive business information as employees travel and work remotely.
The holiday season is also a time of increased risk for retail businesses, as analysts have observed a 70% average increase in attempted ransomware attacks during the November-January period, a time when retailers are more likely to pay ransoms to avoid losing a significant portion of their income during their most profitable period of the year.
Overall, the Christmas season is a time of increased risk for businesses regarding cyber-attacks. Most of a company’s employees are off during these days, which means that the level of protection is lower during a period of large volumes of transactions, especially in the retail business.
You need to be prepared to react to a cyber-attack during the holiday season
It’s essential for companies to have an incident response plan in place and to test it through simulations of ransomware attacks. The worst thing that could happen is discovering gaps in your plan during the urgency of a real attack or making panicked decisions like shutting down all servers. To be ready to react to a cyber attack, it’s helpful to have access to external consultants with experience dealing with similar situations and who can provide prompt advice on the appropriate actions to take.
To better support our clients, we offer specific cyber attack response services, including:
- Dedicated hotline email address, email@example.com, ensuring availability for a first call to assess the case within four working hours, where working hours run from 8 am to 10 pm, Monday to Sunday, including bank holidays;
- Assessment of the cyber attack and of the arising obligations in all the impacted jurisdictions both under data protection and cybersecurity laws, also through our legal tech tool Notify and our cyber law mapping report covering cybersecurity laws of several countries;
- Management of the cyber attack and of the relevant obligations towards authorities and affected individuals in all the jurisdictions involved through a single point of contact and a dedicated project manager with the support of cybersecurity/data protection, litigation, and criminal lawyers of the DLA Piper offices and, in the countries where DLA Piper does not have an office, of the best friend law firms, also making sure that the criteria required under local laws to establish the legal privilege are fulfilled;
- Support in the negotiations with the threat actor on the payment of the ransom, also assessing the compliance of the payment with the relevant laws;
- Calculation of the potential sanctions in terms of regulatory fines, including GDPR and privacy-related fines, as well as claims, including class actions, also through our GDPR fine calculator that takes into account the criteria set out by the European Data Protection Board;
- Assistance in dealing with the insurance company in case the company holds cybersecurity insurance coverage, also with reference to potential disputes that might arise on the matter; and
- Legal support in disputes with regulators and against affected individuals and suppliers arising from the cyber attack.
These services are just a few of those that we can provide in relation to a cyber attack, including a ransomware attack. If you want to know more, please contact us.
On a similar topic, you may find the article “Have board directors any liability for a cyberattack against their company?” interesting.