Victims of Cyber Attacks Lawyer Up
It's no secret to anyone in IT that the number of reported cyber attacks is on the rise. And while victims have historically avoided, at all costs, disclosing that their systems were penetrated, some now have to do so.
The result, The Wall Street Journal reports today, is that many victims are hiring law firms or seeking legal counsel so they can invoke attorney-client privilege. I'm not a lawyer or an expert in compliance but my first thought was: "really?" In one of several such examples cited by the Journal, Nationwide Insurance disclosed a breach in which customer records were accessed. Nationwide reported the breach in compliance with new state laws and under strong urging by the Securities and Exchange Commission that they do so.
The FBI investigated further, even while class action suits were filed on behalf of customers saying that Nationwide failed to protect their information. In response, the insurance giant hired the law firm Ropes & Gray and then declined to comment further, citing the litigation.
While companies need to act in the best interest of their shareholders and customers, clamming up is a double-edged sword. Certainly, disclosing more information has its own risks, but hopefully companies like Nationwide are quietly sharing information with the proper authorities that can help better protect themselves and others, as President Obama ordered back in February in his State of the Union Address.
The number of breaches disclosed over the past two years has increased 40 percent, according to accounting firm KPMG, the Journal noted, adding that hackers have penetrated 681 million records between 2008 and 2012. I obtained a copy of the KPMG report, which also noted that 60 percent of all incidents reported were the result of hacking.
The report does show an encouraging development: the healthcare sector, which just a few years ago accounted for the highest percentage of data loss incidents (25 percent), saw that drop to just 8 percent last year. It looks like healthcare providers are doing something right.
With the recent spate of attacks, such as last week's Spamhaus distributed denial of service (DDoS) attack reported Friday or the recent and quite significant strikes I noted back in March:
We're under siege purportedly by the Chinese, Iranian and Russian governments. Organizations including the Federal Reserve Bank, The New York Times, NBC News, Apple, Facebook, Twitter, heck even Microsoft itself, have all recently sustained cyber-attacks.
As the President noted in his State of the Union Address, "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."
As long as we continue to fight back, IT needs to contend with the fact that hackers and cyber-terrorists will only get smarter and find new ways to attack our systems. So what are you doing or what do you feel needs to be done? Drop me a line at [email protected].
Posted by Jeffrey Schwartz on 04/01/2013 at 1:15 PM