Skip to main content
|

Add a bookmark to get started

Bookmarks info
  • Home
  • Insights
  • Heightened cyber threats in times of crisis - be prepared
3 March 20227 minute read

Heightened cyber threats in times of crisis - be prepared

Written by:David SpratleyJordan DeeringRyan BlackRebecca von RütiStephanie WrightStephanie,Wright

The governments of both Canada and the United States have warned of increased cyberattack risk in light of tension in Eastern Europe and the spike in ransomware and other cyberattacks as a result of an increasing reliance on the internet for work-from-home and online commerce.

A recent open letter from the Canadian federal government states that: “Across the world, we have seen a marked rise in the volume and range of cyber threats - and Canada is no exception…we have seen a growing number of organizations targeting Canadian small and medium-sized businesses, healthcare organizations, utility organizations and municipalities.” Similarly, an advisory issued by the US Cybersecurity & Infrastructure Security Agency warns that “…[the] attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region”.

Governments are urging businesses to be prepared to respond to disruptive cyber activity. While usually intended to benefit the malfeasor, they can also be used to disrupt commerce or for collateral purposes including the financing of criminal or unsanctioned activities (such as via Ransomware). Cyberattacks can have severe and far-reaching impacts, including: business downtime; permanent data loss; intellectual property theft; privacy breaches (a common impetus for litigation and class actions); reputational damages; and recovery costs. The risks associated with these incidents require a robust cybersecurity program in order to manage the fast-changing risk and remain in compliance.

Virtually all businesses, their suppliers and their customers are potential targets for cyber attacks as a result of today’s interconnected world.

Now is the time to prepare for disruptive cyber activity

Businesses should revisit security postures, policies, and procedures to ensure that they are protected against cyberattacks, have effective response plans in place, and are positioned to mitigate liabilities and ensure business continuity.

There are tools available that inform and assist businesses with drawing down risks, reducing impacts and taking preventative actions associated with cyberattacks. The Canadian Internet Registration Authority (CIRA) has published the CIRA Cybersecurity Awareness Training platform, including published results that help contextualize the role that cybersecurity can play in all organizations. 

Additionally, the Canadian Centre for Cyber Security has published the Ransomware Playbook that provides information to consider when articulating business and security requirements and implementing relevant policies and procedures related to ransomware and other types of cybercrime. The Ransomware Playbook recommends best practices for both prevention and recovery, including as follows:

Prevention

  • Develop your backup plan. Organizations should implement an offline backup process for their data. Backups that are not connected to your network or devices will ensure that a cyber actor cannot locate and delete your backups. Having segregated backup files available creates an increased chance of recovering and getting back to business faster if you are the victim of a cyber incident.
  • Develop your incident response plan. Organizations should develop an incident response plan that can help lessen the impact of a cyber incident. A response plan may include: developing a response policy that establishes authorities, roles, and responsibilities for the organization; establishing a cyber incident response team (including legal and forensic advisors); and ensuring that the organization is prepared to alert third parties such as clients and managed service providers that may be impacted by an incident. Having an effective response plan to minimize risk of cyber attack is the best defence if any litigation results from an incident.
  • Develop you recovery plan. Organizations should have a recovery plan that outlines how the organization will recover and resume critical business functions after a cyber incident. A recovery plan includes: ensuring that proper cyber insurance is in place; identifying key stakeholders who may need to be informed of a cyber incident; defining back up and recovery strategies; and engaging IT security specialists to weigh in on your response and recovery efforts.
  • Implement security controls. Organizations should implement and maintain layered security controls through their networks to protect security, confidentiality, integrity and availability of your networks, devices, and information. Some security controls may include: providing cyber security training to employees; implementing multi-factor authentication for organization devices; and ensuring that systems connected to the Internet are protected with encryption, firewalls, and frequent vulnerability assessments.

Recovery

  • Immediate response actions. If a cyber incident occurs, organizations should take immediate steps to respond. This can include: assembling and mobilizing your cyber incident response team; identifying the data and systems affected; containing the security breach; and reporting the incident to law enforcement and regulatory authorities.
  • Recovery actions. Once the immediate response has taken place, and an organizations devices are clear of any malware or virus, the recovery process should begin. This can include: implementing the organization’s backup plan; restoring your systems; engaging with cyber security professionals where appropriate; and informing affected stakeholders.

How We Can Help

Our multidisciplinary team of lawyers in Canada, the United States and internationally comprehensively advise on all issues surrounding cybersecurity, from implementing protective measures, through incident response and post-incident remediation. We work with businesses on overall strategy, cybersecurity, and practical policies, providing advice on breach response, communications, risk management and many other aspects of any dynamic and evolving situation.  For example, you can stay in touch with our privacy experts by following DLA Piper’s international Privacy Matters blog, including this recent piece on heightened cyber concerns: Ukraine Crisis - Heightened Cyber Threat - Be Prepared.

A comprehensive and well-orchestrated plan that strives to mitigate potential damages is the best defence in the unfortunate event of any post-incident litigation. Recent court decisions have maintained that, in order for a class action related to a privacy data-breach to be successful, there must be some evidence of “real proof of actual harm, whether of first instance loss or post-breach loss”. There needs to more than an allegation of future harm. Here are just a few of the ways that we can assist in preparing and responding to disruptive cyber activity:

  • Implementing protective measures. We can assist by ensuring that you have appropriate measures in place to manage cyber risk and respond effectively to an incident, preserve legal privilege, and mitigate potential litigation and reputational risks. This can include: supporting the design and implementation of corporate governance structures to protect companies and their directors; evaluating and enforcing cyber-liability insurance policies; and providing contract support for vendor and supply chain management.
  • Responding to an incident. We can assist by providing advice on reporting obligations to the relevant authorities, regulators, and individuals to remain in compliance. We can also provide strategic advice to contain and remediate adverse impacts on businesses and protect the impact on company brands.
  • Mitigating liabilities. We can help mitigate the impact of any claims or liabilities resulting from an incident. Our team includes employment, investigation and seasoned litigation lawyers that advise on a wide spectrum of issues relevant to data incidents, including: third party claims and potential class actions; director and officer liability; product and supplier liability; and where relevant, employee disciplinary action.

Our Data Protection, Technology, Privacy and Security group and our Litigation Class Action group creates a highly skilled team that brings a depth of experience in privacy and cybersecurity compliance as well as the advocacy skills to handle a cyber security incident of any size. Please contact us for additional information and follow Privacy Matters for more up-to-date developments.

This article provides only general information about legal issues and developments, and is not intended to provide specific legal advice. Please see our disclaimer for more details.

Related Capabilities

Data, Privacy and CybersecurityIntellectual PropertyLitigation, Arbitration and Investigations
Print
Legal noticesPrivacy policyCookie policyModern slaverySitemap

DLA Piper is a global law firm operating through various separate and distinct legal entities. For further information about these entities and DLA piper's structure, please refer the Legal Notices page of this website. All rights reserved. Attorney advertising.

© 2024 DLA Piper