One of the most prominent ones is the security of companies’ IT systems since, in a hyperconnected world, chances to fall prey to a cyber-attack multiply.
So, it does not come as a surprise that while crime in general has decreased in the past few years (19.4% decrease from 2019 to 2020 according to the Spanish Ministry of Foreign Affairs), cyber-delinquency has been on the rise. Figures have not stopped growing since the beginning of the Covid-19 pandemic, which due to lockdowns and teleworking created an ideal environment for cybercriminals to scale up their activities.
Moreover, despite the notion prevailing among the general public that cyberattacks are usually only directed against large corporations, the actual data presents quite a different picture: According to Verizon’s “2019 Data Breach Investigations Report”, 43% of victims to cyberattacks were small and medium-sized businesses, which shows that cybercriminals seek to profit from the lack of protection of companies with few – human or material – resources, a lack that renders them especially vulnerable.
Furthermore, contrary to what people generally assume, cybercriminals do not only attack computers: routers, mobile phones, multimedia players, smart TVs and similar digital devices are also a popular target.
Of course, cyberattacks do not only put in danger companies’ assets such as trade secrets and company secrets, the personal data of staff, client and supplier information etc. but, once there has been an attack, a company’s reputation and intangible assets also suffer, for example the trade marks the company uses in commerce.
The most common cybernetic attacks include:
- Attacks on data stored in the cloud;
- Attacks against payment engines;
- Ransomware attacks;
- Phishing attacks;
- Malware (viruses, trojans, worms, etc.);
- MITM (man-in-the-middle) attacks; etc.
It stands to reason that this scenario calls for a new kind of specialist lawyer, someone who is an expert in digital transformation and is versed in information technologies and cybersecurity. This is because, although traditionally everything related to IT system security has been handled by IT departments, due to the changes in legislation and the continuous increase in cybernetic risks, lawyers are becoming ever more important when it comes to working alongside IT staff to assist them with the following:
- Preventing attacks (action protocols and employee training);
- Locating attacks (locating the security breach and identifying potential losses);
- Responding on an internal basis to attacks (reporting to the police, informing clients and suppliers of the security breach); and
- Responding on an external basis to attacks (processing clients’ and suppliers’ complaints, cooperating with the authorities).
As far as the external response to cyberattacks is concerned, prosecuting a cybercrime is not an easy feat: It is hard to locate the offender physically, the trail of the cybercrime fluctuates and disappears quickly and, by and large, the Internet provides too much anonymity. This is why the assistance of an expert in the field is an essential ingredient in an effective approach against these attacks.
In addition, cyberattacks should always be reported. If no complaint or police report is filed, the incident is never notified to the authorities (i.e., police and courts). This implies that the cybercriminal sees no consequences to his/her actions and may very well become a repeat offender.
Reporting an attack will not fall on deaf ears: Spain’s national law-enforcement agencies have specialised units to combat cybercrime, which boast top experts and cutting-edge technologies. Furthermore, our judges are becoming more and more accustomed to prosecuting this type of offences, so that reporting an incident does make a difference.
Indeed, cybercrime and cybersecurity are a very present future. They are increasingly important and compel us to be ever more prepared. As more sophisticated technology becomes available to cybercriminals, IT professionals, lawyers, legal authorities and society at large must be all the more prepared to combat this blight to protect our most valuable data as well as our financial resources.