Whilst COVID-19 has prompted many organisations, including law firms, to fast-track technology procurement to mobilise their workforces, bolster online presences and improve supply chain efficiency, Ms Fitzgerald noted there are some areas where organisations are falling short.

“Technology ‘as a service’ is becoming increasingly common. However, legally binding digital contracts and instant-access systems and software mean the risk assessment undertaken by traditional procurement processes or legal advisers is often bypassed,” Ms Fitzgerald explained.

“With cloud, there is no waiting and no transfer of title that comes with hardware and our traditional concepts of ‘products’ and ‘goods’. If you have an internet connection, a range of cloud services are literally at your fingertips, at the click of a button or, more accurately, at the click of a click-through agreement.

“The safeguards of due diligence, comparing suppliers, negotiating terms and ensuring compatibility with other systems may be sacrificed leaving businesses exposed to risk that was previously managed within effective corporate governance structures.”

Unfortunately, Ms Fitzgerald said, human error remains a common problem when determining risks to cyber security. All too often individuals send emails to the wrong address or attach an unencrypted file containing personal, sensitive and/confidential information.

“In electronic format, that information is easily copied and distributed, and deletion of the file is essentially based on an honour system,” she explained.

“Ransomware-as-a-service (RaaS) is the most concerning cyberthreat. Like other ‘as-a-service’ models, it is an enabler. It is subscription-based and allows even ‘beginner’ cybercriminals to launch attacks expediently.

VIEW ALL

“In essence, it involves cyber threat actors working together – one identifying the target and data, the other supplying the malware and an intermediary collecting the ransom and splitting the proceeds between them. It is often referred to as a malicious franchise. Another description is ‘acting in concert’ or ‘joint criminal enterprise’.”

Ultimately the time is now to act on implementing effective cyber security measures, according to Ms Fitzgerald, who noted the festive season and new year period are traditionally times of year that are attractive to cyber criminals.

“Cyber criminals can attack at any time, but their impact will be greater if they catch businesses off-guard or when the stakes are high,” she said.

“Cyber criminals are not just dark web junkies – they are sophisticated and business savvy. They target times of year that provide the greatest leverage.

“For retail and online business, Christmas, Boxing Day and the early New Year are periods ripe for retail attack. No one wants to be brought to their knees during the biggest sales period of the year. It’s the perfect time to strike and make demands.”