Overview of Cybersecurity Incident
The managing partner of this professional services firm approached our firm, explaining that several outward bank transactions, aggregating to over €300,000, had been fraudulently effected to the hackers' bank account abroad. On inspection, the client realised that he had acted on instructions contained in emails received from other professionals requesting transfers on behalf of their clients, and that these emails had been manipulated by the hackers, who had already had access to the client's system for several days.
First Response
A coordinated response to a hacking incident involves two concurrent actions. While our cybersecurity lawyers mobilised with the Cybercrime Police in Malta and in the countries where the hackers' banks were situated, our cybersecurity engineers scrambled on-site immediately. They focussed on scanning the IT systems across the various offices of the hacked firm and on performing penetration testing to ensure that identified vulnerabilities and exploits were closed, preventing any further damage.
Follow-up Action
Further work was carried out to ensure the security of the client company's IT systems. Furthermore, our lawyers advised on the obligation to report such incidents to the supervisory authority, namely the Information Commissioner, within the time frames required by law. We assisted the client with documenting the incident, the findings of the various inspections and penetration testing, and the handling of and response to the cybersecurity incident, in order to evidence preparedness as well as real action to mitigate damage to the firm and to its clients. We are also assisting the client in the likely identification of the hackers and in pursuing criminal action against them.
Outcome
With the short emergency response time offered by our cybersecurity lawyers and our integration with lawyers on the ground in over 170 countries, we were able to catch the funds within the hackers' bank before they were paid out to the hackers. We are thrilled at this result, as statistics show that such success stories are very rare.
Had Things Gone Wrong
- Confidential data could have been stolen or leaked, leading to reputational damage and regulatory responsibility.
- Business data could have been encrypted for ransom.
- The hackers could still have been in the system without the client's knowledge or awareness, preparing for the next fraud.
Lessons Learnt
Prevention is better than cure. Preventive cybersecurity audits, both legal and technical, as well as real-life testing in the form of penetration testing, can save time, money and reputation, and ensure business continuity.
Ensuring that employees are trained to detect and identify unusual activity and transactions allows an earlier response to a cyberattack and can significantly improve the chances of recovering funds or assets. Acting promptly marks the difference between a successful and an unsuccessful cyberattack on the part of the attacker.