The Schwartz Report

Victims of Cyber Attacks Lawyer Up

It's no secret to anyone in IT that the number of reported cyber attacks is on the rise. And while victims have historically avoided at all costs disclosing the fact that their systems were penetrated, some now have to do so.

The result, The Wall Street Journal reports today, is that many victims are hiring law firms or seeking legal counsel so they can invoke attorney-client privilege. I'm not a lawyer or an expert in compliance, but my first thought was: "really?" In one of several such examples cited by the Journal, Nationwide Insurance disclosed a breach in which customer records were accessed. Nationwide reported the breach in compliance with new state laws and under strong urging by the Securities and Exchange Commission that they do so.

The FBI investigated further, even while class action suits were filed on behalf of customers saying that Nationwide failed to protect their information. In response, the insurance giant hired the law firm Ropes & Gray and then declined to comment further, citing the litigation.

While companies need to act in the best interest of their shareholders and customers, clamming up is a dual-edged sword. Certainly disclosing more information has its own risks but hopefully companies like Nationwide are quietly sharing information with the proper authorities that can help better protect themselves and others, as President Obama ordered back in February in his State of the Union Address.

The number of breaches disclosed over the past two years has increased 40 percent, according to accounting firm KPMG, the Journal noted, adding that hackers have penetrated 681 million records between 2008 and 2012. I obtained a copy of the KPMG report, which also noted that 60 percent of all incidents reported were the result of hacking.

The report does show an encouraging development: the healthcare sector, which just a few years ago accounted for the highest percentage of data loss incidents (25 percent), saw that drop to just 8 percent last year. It looks like healthcare providers are doing something right.

With the recent spate of attacks, such as last week's Spamhaus distributed denial of service (DDoS) attack reported Friday or the recent and quite significant strikes I noted back in March:

We're under siege purportedly by the Chinese, Iranian and Russian governments. Organizations including the Federal Reserve Bank, The New York Times, NBC News, Apple, Facebook, Twitter, heck even Microsoft itself, have all recently sustained cyber-attacks.

As the President noted in his State of the Union Address, "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."

As long as we continue to fight back, IT needs to contend with the fact that hackers and cyber-terrorists will only get smarter and find new ways to attack our systems. So what are you doing or what do you feel needs to be done? Drop me a line at [email protected]

Posted by Jeffrey Schwartz on 04/01/2013 at 1:15 PM

