Accessibility Links

Cat and Mouse Game

Posted by: Laurence Simons 13/06/17

Quite a few tears were shed after the recent WannaCry hack that held computers to ransom by completely locking the user out and removing access to their files. The only way to regain control of the computer was to pay bitcoins to the hacker with no guarantee the device would actually be unlocked.

While the stealing and ‘hacking’ of information has been going on for centuries, stealing data via the internet and networks is a more recent and growing problem. Businesses are not prepared for attacks like WannaCry and other data and privacy intrusions.

Aaron Simpson is the managing partner of the London office of Hunton & Williams who focuses on privacy and cyber security. He estimates that only 20 percent of business are as prepared and protected as they can be against cyber threats.

President of Hunton & Williams LLP's Centre for Information Policy Leadership, Bojana Bellamy finds this percentage rises when the criteria is relaxed. She says up to 70 percent of businesses have incident responses in place but only 20 percent have a full plan which includes retained counsel, retained forensic, retained PR and full cyber security insurance. 

For those with low to no protections in place, Aaron says the very first step a business should take is to develop an instant response plan. Doing this requires a business to think about all the potential issues, put them in a document and summarise their approach. 

Aaron advises that having this document is invaluable as the GDPR reporting requirements and timings are intense no matter how you define them. 

The GDPR was put in place to deal with the escalating risk of cyber-attack. While attacks can come from anywhere, Aaron thinks that nation state issues are much more prevalent today than they were just ten years ago. 

Previously it was lots of low hanging fruit type mistakes, lost laptops and financial crime like stealing credit card details. This still goes on and will always go on. 

What Aaron is now seeing is nation state hacking as essentially war through cyber-attacks. Smaller nation states can’t fight a real battle with the United States or others but they can with computer hacking to a disproportionate effect.

Bojana also warns not to discount industrial espionage and opportunistic attacks via easily preventable thefts of laptops and lost hardware like USBs.

Of course, the real value is in the data. The whole concept of data theft reminds Aaron of a famous American bank robber. 

‘In the early twentieth century America, there was a famous bank robber named Willie Sutton and they asked him "why do you rob banks?" He said, "That's where the money is" And the same is true today, right? The world has changed, we live in the Information Age and data is currency.’

Aaron points out that anyone can take this stolen data and sell it, there’s entire markets in the dark web for all sorts of stolen information, and so it's certainly the case that that is a huge motivator for a lot of people.

But, who is winning the war between hackers and those getting hacked? Aaron says it’s a game of cat and mouse because a lot of the bad guys used to be good guys. The technology is an arms race and there's no reason to believe that it's ever going to change…

If you are one of those 80% of businesses that aren’t fully protected, Hunton and Williams provides bespoke and expert advice regarding cyber threats, development of privacy policy and the effect of the upcoming GDPR. 

You can view Aaron’s profile here and Bojana’s here. 

If you’re looking to recruit a data privacy professional or make a move within the sector you can contact the Laurence Simons team here or browse our latest jobs here. 

 
Add new comment
*
*
*