Legal Implications: Cyberattacks!

Legal Implications: Cyberattacks!

Technological advancements drive us to new frontiers. The internet has opened many new doors for companies, allowing them to grow and succeed in unprecedented ways. However, every major advancement has its share of risk. The weekend of May 13th -14th 2017 marked one of the clearest examples of how vulnerable users are to those that have mastered cyberattacks. The malware “wannacry” or “wannacrypt” was the biggest cyberattack on record affecting more than 200,000 victims in over 100 countries. Government agencies, private companies and individual users are all among the victims of this recent attack. Wannacry is the newest ransomware that merges freezing of files with use of online currency. It locks down a user’s computer and encrypts all of the files located in the system while demanding a payment of 300 dollars in Bitcoin to regain access to the files.

Security analysts have stated that the malware is traveling through the internet and infecting networks that have a Microsoft Windows weakness known as “Eternal Blue.” Windows launched a patch back in March of 2017 to fix this potential weakness, but as this previous weekend shows, many companies and government agencies have not kept up with the updates suggested by Microsoft. Among the victims are Hospitals in the United Kingdom that were forced to postpone important patient procedures to avoid putting human lives at stake.

As of this moment, there is still mass confusion in the world as to how to effectively counter this kind of threat. Given the potential negative impact this kind of ransom could have on major companies, experts warn everyone to update their Windows system to make sure the weakness is no longer present in your system. This however will only guard against this specific attack. Cyberattacks have been shown to increase in complexity and coordination as time goes by. As a result, it is imperative that companies take all security updates seriously, and take any and all preventive measures to ensure their systems are safe from cyberattacks. It is critical that IT professionals have secured systems to guard its files, as well as regular secure backups on different servers where files may be recovered in the event of an intrusion.

Legally speaking, at this point, it is hard to say whether the attackers are criminal organizations, criminal individuals, or hostile foreign states. If these prospective “defendants” are ever identified, it may be hard to recover assets from those groups. But with increased hacking and ransomware, it is incumbent on businesses to make sure they are using commercially reasonable efforts to guard their client/customer information with suitable precautions. There are many instances now where large businesses (and the government) have had data breaches compromising private data. Arguably, institutions who fail to take reasonable precautions to guard private data could become liable for damages to those victims. In most civil negligence claims, a criminal act can cut off liability to a plaintiff, but if criminal activity is foreseeable, it might change the game.

Buche & Associates, P.C. is a law firm specializing in proprietary information and technology. The attorneys of the firm handle civil tort and intellectual property litigation. Article by Jorge Zamora, J.D. candidate University of Houston, and John Buche, J.D.