New Wiper Malware Highlights Threat to Law Firms and Consultancies

DLA Piper's breach by the Petya malware should be a wake-up call to companies that deal with sensitive information. Among large corporations, some protection is common – but is it enough, and how can smaller businesses manage this threat?

Last week, DC-based law firm DLA Piper was hit and disabled by the Petya malware, taking their email and other systems offline from 27 June to 3 July. While the firm had good controls in place allowing early detection and containment of the problem, leading them to assess that client data was not breached, this should be a wake-up call for DLA Piper’s peers.

Companies dealing with sensitive industrial information – like consultancies and law firms – have been targets of industrial and state-level espionage for decades. These firms tend to be smaller, and more data-driven than most companies. And in many cases, they don’t have the sorts of policies in place that helped DLA Piper avoid catastrophe. They also tend not to bounce back from serious attacks: according to the Ponemon Institute, the average cost for a small firm to recover from a major attack is $690,000. Many small businesses close their doors within 6 months of a major incident.

Governments and industry should work together to improve the cyber resilience of small businesses. Whether it’s a leading law firm that manages the intellectual property of key economic drivers, or the small-town manufacturer that may grow into an international business with time, every company is a data-driven company with key assets that are vulnerable online.

Large companies can dedicate resources to participate in information sharing regimes and maintain relationships with government and industry cybersecurity communities. But smaller companies have less capacity for formal arrangements, and instead are often going it alone, with guidance from government and industry groups. In the US, the Small Business Administration and National Institute of Science and Technology (NIST) have developed some resources to help, but these are limited. In other countries, resources are even harder to come by. Industry should work with governments to help coordinate policies that drive cybersecurity across the economy, support small and medium enterprises, and build collaborative security practices that can be easily integrated into small firms’ IT policies.
