ARTICLE
19 December 2017

Cyber-Security - The Ransomware Attack On The University Of Calgary

FL
Field LLP

Contributor

Field LLP logo
Field Law is a western and northern regional business law firm with offices in Calgary and Edmonton, Alberta and Yellowknife, Northwest Territories. The Firm has been proactively serving clients and providing legal counsel for over 100 years supporting the specific and ever-evolving business needs of regional, national and international clients.
Explore Firm Details
Kelly Nicholson was the Chair of this panel.
Canada Technology
Field LLP
Your Author LinkedIn Connections

Kelly Nicholson (Field Law) was the Chair of this panel. Panel participants were Linda Dalgetty (Vice President (Finance and Services), University of Calgary) and Justin Fong (Partner, Cyber-Security Division, Deloitte).
 
Justin detailed how cyber-attacks have risen to number five on the world's top threats list. As the data volume of our organizations increases, so too does our risk of attack. There are a number of different kinds of "hackers" (from casual limited attacks to advanced, persistent threats from hostile nation-states). Alarmingly, most cyber-attacks go unnoticed at first: it takes an average of 241 days to detect an attack and begin to respond.
 
In May of 2016, the University of Calgary suffered a catastrophic ransomware attack affecting a number of key areas. Linda Dalgetty discussed the importance of utilizing your resources (including following insurance recommendations) and ensuring your board of governors is ready to respond in a timely manner. It cannot be assumed that everyone involved will understand the IT language and issues presented, and it is important to find a common language between parties in order to develop an effective response. She offered guidance on how to stay proactive and consistent in external messaging, and discussed the risk-balance approach that the University ultimately decided to take. For the University of Calgary, reputational risk was the most important component of their decision to pay the ransom. The nature of the University's research work meant a loss of data could risk the loss of an employee's lifetime of valuable research and development work.
 
Justin and Linda emphasized that there are a number of steps an organization can take to prepare for a cyber-attack and respond in a timely manner. In these situations, the first 24 hours are critical. Running regular, thorough assessments of your operational, reputational, and financial risks will ensure you and your organization are not caught unaware by one of the biggest threats of the modern era.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Field LLP
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More