ARTICLE
21 April 2021

Litigation Outlook Blog Series: Cybersecurity

SS
Seyfarth Shaw LLP

Contributor

With more than 900 lawyers across 18 offices, Seyfarth Shaw LLP provides advisory, litigation, and transactional legal services to clients worldwide. Our high-caliber legal representation and advanced delivery capabilities allow us to take on our clients’ unique challenges and opportunities-no matter the scale or complexity. Whether navigating complex litigation, negotiating transformational deals, or advising on cross-border projects, our attorneys achieve exceptional legal outcomes. Our drive for excellence leads us to seek out better ways to work with our clients and each other. We have been first-to-market on many legal service delivery innovations-and we continue to break new ground with our clients every day. This long history of excellence and innovation has created a culture with a sense of purpose and belonging for all. In turn, our culture drives our commitment to the growth of our clients, the diversity of our people, and the resilience of our workforce.
As the global pandemic begins to show signs of waning, cyber risk is showing no such easing. In fact, in a recent survey, over 68% of business leaders reported believing that their cybersecurity...
United States Technology

As the global pandemic begins to show signs of waning, cyber risk is showing no such easing.  In fact, in a recent survey, over 68% of business leaders reported believing that their cybersecurity risks are increasing, despite their own mitigation strategies. Organizations in this coming year will continue to face a constantly evolving threat landscape and increasing threat actor sophistication. Catastrophic supply-chain breaches in 2020 have made organizations begin rethinking what devices, software, and hardware is trustworthy in their environments. While nation-state actors with significant resources appear to have carried out the recent major supply chain attack(s), even "script kiddie" threat actors are expanding their capabilities and improving their techniques. Several trends are on the horizon for this next year.  They are as follows:

Ransomware Is Evolving to Data Exfiltration and Extortion

Historically, ransomware focused on infiltrating organization endpoints and locking the organization out of their own data. While temporarily paralytic, organizations generally made it through those events by either paying the ransom, or recovering their data from disaster recovery or backup media. Tactics have changed for many ransomware threat actors, however, and now many seek to exfiltrate data in addition to deploying ransomware. They do this so that if an organization fails to pay the ransom amount, then they can fall back on the exfiltrated data to extort the organization. If the organization still fails to pay the new extortion ransom, the data is then leaked, usually on the Dark Web. In the first instance, effective incident management with experienced professionals is critical to managing your way through the incident. In the event of disclosure of data, there are also many issues that arise including potential disclosure of attorney-client communication, work product, trade secrets, and PHI/PII. Our prior blog post covers this specific situation in more detail.

Email Compromise Events Will Rise Along with Wire Fraud

Incidents involving threat actors gaining access to organizational email accounts will continue to rise in 2021. This increase can be attributed to password re-use, credential harvesting attacks, data leaks following a breach or extortion event, malware, phishing, smishing, etc. Motivation for these attacks typically involve obtaining information that can be used to facilitate other types of attack. Threat actors steal signature lines, email recipient metadata, prior dealing information, and payment information. This allows a threat actor to set up convincing-looking emails/invoices to perpetrate bank fraud. This comes in the form of requesting a fake invoice be paid or bank information changed. Unfortunately, this person-in-the-middle type attack often goes undetected by the legitimate employees involved. In 2021, organizations should focus on employee training to increase awareness, sophistication, and "cyber-suspicion" of their employees. Organizations will benefit from taking a closer look at their email system logging to ensure that requisite logs are available to conduct investigations following a business email compromise.

To review Seyfarth's full 2021 Commercial Litigation Outlook, click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More