Starting in the Ukraine a new cyberattack – similar to WannaCry – has gone global. “Petya” has impacted organisations by encrypting systems and demanding a bitcoin ransom of $300 to decrypt the infected host. It continues the trend of cyberattacks that are now becoming mainstream media news due to their indiscriminate nature and catastrophic effects on organisations.
This latest threat in the ever evolving cyber security landscape also serves as a reminder of the multi-faceted exposures all organisations face, namely:
- IT security deficiencies; and
- The unpredictable fallibility of employees, who unintentionally open the door for organisations to fall victim
Lockton’s partner, Diamond Cyber Security, recently encountered a European variant of the Petya cyberattack. Their outlined technical position provides essential insight on how such attacks work. More importantly they also provide essential mitigation steps for organisations moving forward, which can be read further here.
How is this different to WannaCry?
In contrast to the previous WannaCry attacks, Australia has been impacted on arguably a more significant level with the Petya attacks. DLA Piper, TNT Express and the Tasmanian base of one of the largest confectionery companies in the world have all fallen victim.
The perception within Australia however remains one of relative isolation and protection. This is despite comments by the Prime Minister’s cyber security adviser that businesses cannot continue to rely on luck to avoid damage from the rising tide of global cyber security threats.
What we have learnt
Perhaps the most important take-away from Petya is its indiscriminate nature.
News of high profile victims, such as those outlined above, easily reach the media due to their public nature. There is however no way of determining how many SME Australian businesses may have been impacted by Petya and/or other similar attacks. It is easy for Australian organisations to be lulled into a sense of complacency if they are not seeing the direct impact of overt malicious hacking activity.
However, these cyber security attacks show an absence of evidence is not evidence of absence.
The impact on business
Costs associated with an organisation falling victim to a ransomware attack can be broadly categorised as immediate and post-event costs.
Immediate costs to an organisation can include:
- IT/Forensic investigation costs
- Extortion costs
- Initial legal advice
- Public relations costs
- Business Interruption costs
- Customer notification costs
- More general business/IT remediation costs
Post-event costs can include:
- Third party litigation expenses
- Fines and penalties
- Long term loss of revenue and customers
- Damage to reputation
If you have fallen victim
The following is an example of what was seen by those who fell victim to an attack:
If you have seen this screen immediately contact your insurance broker or cyber insurer for further assistance.
Ultimately, organisations need to determine whether, if faced with the above, they are prepared to meet the initial, ongoing and consequential costs of such an attack.
Alternatively, a tailored and bespoke Cyber Insurance policy can provide protection for such losses. It can provide assistance for organisations suffering from an attack through a team of leading IT Experts, Lawyers, Public Relations and Credit Monitoring Specialists. Coupled with potential coverage for business interruption losses, fines, penalties and potential third party claims, it provides significant protection.