BizTech Law Blog Banner

BizTech Law Blog

Cyberattack Highlights the Costs of Breach Response and the Need for Preparation
Posted by:

Cyber SecurityIt sounds like something out of a Hollywood screenplay: foreign hackers, possibly from Russia, induce an unsuspecting employee of a major utility company to click on an email attachment that is infected with malware, enabling the hackers to cripple the utility’s computer systems unless a ransom is paid. Unfortunately, this story is fact, not fiction.

You may have read about the cyberattack suffered by Lansing’s Board of Water & Light (“BWL”) in a recent Lansing State Journal (“LSJ”) article. The scenario described above, left BWL scrambling - and racking up a huge bill - to remedy a cyberattack that disabled BWL’s ability to communicate internally and with its customers. According to the LSJ report, BWL incurred costs nearing $2 million for technical support and equipment upgrades in the wake of the incident.

BWL’s experience holds important lessons for other businesses and organizations - the threat of a cyberattack is real and preparation to prevent and recover from an attack is essential. In other words, it is critical to have in place a well-designed breach response and business continuity plan. In a world of ever-increasing cyberattacks, preventative measures and mitigation techniques can be the difference between an enormous bill and a non-issue.

Yet, according to a study by the Disaster Recovery Preparedness Council in 2014, nearly 75 percent of companies are failing in their disaster readiness. That is significant, because as BWL learned, the cost of system failure or disruption is steep. Experts estimate that the cost of losing critical applications can amount to more than $5,000 per minute, a figure that doesn’t take into account lost productivity and damage to business reputation.

We will be outlining recommendations to improve disaster recovery preparedness in future posts, but a quick summary of tactics includes:

  • Identify risks to your IT systems and data, and take steps to reduce or manage those risks.
  • Develop a detailed disaster response plan that will mitigate damages.
  • Regularly update the plan as the systems you are trying to protect changes, and adapt your plan to the ever changing environment of risks.
  • Develop a set of User Acceptance Tests - a list of the functions that the business needs to operate - and stress test them.
  • Test critical applications more frequently to see if recovery can be achieved without significant downtime.

In today’s interconnected world, the threat of cyberattacks and data breaches is real. It is important that businesses and organizations are ready. This means installing preventative measures, developing response plans, and training staff, so that if (or perhaps when) an attack occurs, critical systems remain operational and the cost of remedial action is limited.

To take the first steps toward breach prevention and mitigation, or to evaluate the effectiveness of your current plan, please call us at 517.371.8238.

Authors

Categories

Recent Posts

Jump to Page

Foster Swift Collins & Smith PC Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek