Cyber Security Lawyer

Cyber Security Law

While nothing will make you 100% immune from a cyber attack…

… the single most important element of your security system is your own awareness of the threat.

To keep yourself and your business safe – at least as safe as is possible – you need to understand the risks, understand your own vulnerabilities, and remain vigilant. No matter who you are, you are at risk.

Understanding the threat means you take it seriously. Taking the threat seriously is the first step in protecting your customers, your employees, and your business in general.

[Chart: Largest Data Breaches in History (identities stolen)]

[Counters: Cost per Data Breach (U.S. Dollars); New Malware Variants Discovered in 2016; Increase in Email Malware, 2015 to 2016 (%); Identities Exposed per Breach, 2016]

Get the Cyber Security Law Weekly, a publication from the Law Offices of Brian C. Focht, absolutely free, sent directly to your inbox every week!

Different Industries: Different Threats

Cyber Security in the Hospitality Industry

The hospitality industry, which includes hotels, restaurants, and other food service businesses, is a popular target for “opportunistic and financially motivated” hackers. The majority of the victims of cyber attacks in this industry are restaurants, often small businesses that have no significant IT resources but routinely accept credit card payments for their services. As one would expect, Point-of-Sale attacks are overwhelmingly the most popular method of attack in this industry:

Top Cyber Attack Methods (2016)

Point-of-Sale Attacks 82%
Everything Else 4%
Payment Card Skimmers 3%

Cyber Security in Education

Universities and other educational institutions are a popular target for hackers, most likely due to their large repository of Personally Identifiable Information and research-driven intellectual property. Interestingly, while not among the top three cyber attack tactics used against educational institutions in 2016, Cyber Espionage was in the top three methods of attack for successful breaches, suggesting that skilled state actors are increasingly focusing their attention on America’s educational infrastructure.

Top Cyber Attack Methods (2016)

Denial of Service
Everything Else
Crimeware

Cyber Security in Finance

This is a broad category of businesses that includes everything from financial analysts to insurance underwriting, but they all have one main element in common: control over money. As a result, it’s not too much of a stretch to figure out why these businesses would be a target for hackers. Unsurprisingly, nearly all cyber attacks against financial and insurance institutions are motivated by direct financial gain.

Top Cyber Attack Methods (2016)

Denial of Service
Web App Attacks
Payment Card Skimmers

Cyber Security in Healthcare

The healthcare industry is a veritable treasure trove of information valuable to hackers. Medical records, usually organized in centralized databases or kept on laptops and tablets, have all the information needed to steal an identity. Focusing only on external actors, however, misses a significant threat – 24% of breaches in 2016 were motivated by personal curiosity.

Top Cyber Attack Methods (2016)

Privilege Misuse
Misc. Errors
Lost and Stolen Assets

Cyber Security in Information Services (Software, Telecommunications, Internet, WiFi)

With businesses ranging from software companies to telecommunications companies, cloud-based providers to online gambling, it’s not too much of a surprise to see that the most common attacks consist of attempts to disrupt service. As for actual data breaches, attackers targeting the Information sector rely on a wide variety of methods, making the attacks even harder to prevent.

Top Cyber Attack Methods (2016)

Denial of Service
Web App Attacks
Crimeware

Cyber Security in Manufacturing

These are the companies that, per the Verizon 2017 Data Breach Report, “make stuff.” When you “make stuff, there is always someone else who wants to make it better, or at least cheaper.” As you can probably imagine, it’s the information these companies have that hackers want. In fact, although making up only 18% of hacking attempts, cyber espionage accounted for 86% of all breaches – of which 91% of the data compromised consisted of industrial/trade secrets.

Top Cyber Attack Methods (2016)

Crimeware
Everything Else
Cyber Espionage

Cyber Security in Government and Public Administration

The public sector is difficult to fully analyze, because it is a treasure trove of information. Unlike other sectors, most government agencies are required to report violations, which can create a lot of noise – the fact that a clerk had an unauthorized program isn’t likely to be something that would be reported in other sectors. However, like the Manufacturing sector, the data is interesting for what was tried (see chart), and what succeeded – cyber espionage was the most successful method of actually breaching a public network. Another scary statistic – 60% of the breaches took at least one year to be discovered.

Top Cyber Attack Methods (2016)

Privilege Misuse 35%
Lost and Stolen Assets 26%
Crimeware 24%

Cyber Security in Retail

Comprising both brick-and-mortar and online retailers, the Retail industry as a whole is a popular target for hackers interested in making quick cash. As for the methods of attack, the prevalence of Denial of Service and Web App Attacks reveals that online retailers are likely to be much more aggressively targeted by hackers, and the most common way online applications are hacked is by using customer credentials stolen as part of phishing attacks.

Top Cyber Attack Methods (2016)

Denial of Service 55%
Payment Card Skimmers 17%
Web App Attacks 9%

Different Industries, Different Obligations

The threats to respective industries are different, so it only makes sense that different sets of rules should apply. Knowing those rules – as well as who writes and enforces them – is essential for proper cyber security.

Healthcare

Most healthcare providers fall under HIPAA’s rules for securing personal information, but other federal and state regulations may apply in certain circumstances.

Financial

The Gramm-Leach-Bliley Act, and subsequent regulations from the FTC, govern the data security requirements for all “financial institutions” – a term that applies to more than just banks!

Legal

While industry-specific laws and regulations will apply to certain law firms, the most pertinent rules will be those promulgated by your applicable state bar ethics committee.

Contractual

Do you have additional obligations imposed by contract? It’s quite possible – especially if you handle data for a client or have a cyber liability insurance policy.

We Can Help Make Sense of It All!

Navigating the rules and regulations that apply to your business can be a legal and financial minefield. You need help from someone who understands the law that applies to your business and the nature of the threats you face. Contact us now to see how our experience can help your business.

So Let’s Get Started!

P.O. Box 18667
Charlotte, NC 28218

Phone: (980) 202-0704
Fax: (833) 202-0705