Published on April 1st, 2022 📆 | 5676 Views ⚑
0Law Firms Warned of Heightened Cybersecurity Threat Amid Russia’s War
After a raft of debilitating Western sanctions on Russia and the exodus of global firms from Moscow, Russia-originating cyber attacks are a growing concern concern among law firms, as the war delivers the loudest reminder yet to both firms and their clients that they must be prepared.
Given the increased friction between Russia and the West could put firms at risk, said Peter Craddock, a Brussels-based partner at Keller & Heckman focusing on privacy and cybersecurity.
âCoupled with the sanctions, this has put a bigger target on Western organizations and authorities than previously, simply because thereâs that potential for retaliation,â he said.
He stressed that the current crisis is a âclear reminderâ that organisations should be prepared.
âIt doesnât matter if itâs in this context â the war in Ukraine â or another context; it is going to happen,â he said. âSome of the biggest attacks we had over the past year, Colonial Pipeline for instance, had nothing to do with world events. They were just interesting targets.â
Craddock noted that law firms can be particularly interesting given the sensitive material they tend to hold, such as business dealings, confidential processes shared with law firms for evaluation, or upcoming transactions that could affect share prices.
âAll sorts of confidential information is being shared with law firms on a daily basis,â he said. As such, they have must put in âa significant effortâ to ensure their systems are properly tested and stay up-to-date.
Finally, Craddock said it was important to keep aware that even when a business is not directly targeted, the fallout can still cause indirect impact through the supply chain or infrastructure.
Examples such as the NotPetya virus unleashed by Moscow against Ukraine in 2017 quickly spread around the world, infecting multinational companies such as global shipping company Maersk, pharmaceutical giant Merck, and FedExâs European subsidiary, among others.
In Italy, Stefano Mele, a partner at Gianni & Origoni specializing in ICT, privacy and cybersecurity law, said that the risk at this very moment is low, with Russia occupied by real armed conflict, but warns that there is a real risk of future danger, such as retaliatory attacks.
âIf the financial market crisis, the heavy sanctions imposed and the fact that multinationals are abandoning Russia are considered, different risks for European companies can be underlined,â he said. âIn this context, the risk of cyber-attacks by Russia and its proxies is high, especially in response to economic sanctions,â he said.Â
According to Mele, European private and public entities are particularly at heightened risk.Â
âIndeed, an increase in economic extortion to generate revenue to compensate for economic impacts should be seen, as well as retaliatory attacks that are focused on inflicting widespread or targeted economic harm and other disruption,â he said.
The Italian partner also emphasized that risks can spread through a supply chain: âIt is important to highlight that the consequences of cyber-attacks can affect also the suppliers of the attacked actor,â he said.
Mele agreed that law firms are at the forefront of supporting and advising companies in dealing with cybersecurity incidents, particularly in terms of privacy, IT and cybersecurity.
He noted that it is often the âfrantic hours following a cyber-attackâ that require prompt but careful attention, advising on companiesâ and boardsâ obligations and supporting decision-making which needs to be made and implemented in a very short time frame.
The digital borderless nature of cyber issues also means, as Mele noted, that firms providing advice in this area, such as Gianni & Origoni, must increasingly assist clients not only in the compliance with the national and European cybersecurity regulations, but in concert with major national and multinational players and considerations.
In Germany, lawyers at Noerr said the German Federal Office for Information Security (BSI) reported an increased âabstractâ risk, rather than specific risk associated with the war, but this has nevertheless prompted clients to seek advice on preparation measures.
âWe havenât seen any increase of cyberattacks in the last three weeks, and we do not have any indications that it will go that way,â Daniel RĂźcker, a Noerr partner specialised in data protection and IT law, said.Â
âThereâs this abstract increased risk, but it hasnât been realized, at least, so far â it may change any day,â he said. âNevertheless, weâve received requests from clients who saw the BSI warning and are seeking support for dealing with cyberattacks, should they occur, as best as possible.â
In that sense, RĂźcker saw this as a positive response from business, as, in general, many (but not all) companies still have much work to do in improving their cyber resilience.Â
âOften, there is quite some room for improvement,â he said.Â
In that respect, law firms are able to support businesses in various capacities regarding cybersecurity.
âYou need guidelines on all the relevant legal aspects, and this is what we are currently doing for several clients,â RĂźcker said. âA framework is necessary, which includes employees being instructed on each and every aspect and on how theyâre supposed to act in certain scenarios. Such as a data breach policy, which outlines, in detail, strict guidelines, step-by-step.â
âYou can plan for these scenarios, and you can plan communication strategies, at least on a high level,â he said.
Gloss