In 2018, one of the biggest threats to law firms is cyber-hijacking. If your data protection strategy is to be comprehensive it needs to include an awareness of the risks of cyber-hijacking, as well as a clear protocol on how to combat it.
What is cyber-hijacking?
Cyber-hijacking is a form of cyber attack, which is defined as a type of network security compromise where the hacker accesses a company’s system and takes control of a communication between two entities, pretending to be the company itself.
Whereas traditional computer hacking compromises company information and assets, cyber-hijacking also threatens to manipulate the company and even puppeteer their accounts, from social profiles to corporate communications.
As the Law Enforcement Cyber Center reports, no company is exempt from this risk. One example occurred when hackers demanded that Sony Pictures not screen the movie “The Interview.” When Sony didn’t meet the hijackers’ demands, they released embarrassing emails from executives, costing the company over $15 million.
Types of cyber-hijacking
There are various forms of cyber-hijacking. One form is known as the ‘man in the middle’ attack. Here, the perpetrator control established connections in progress. According to TechTarget,
“the attacker intercepts messages in a public key exchange and then retransmits them, substituting their own public key for the requested one, so that the two original parties still appear to be communicating with each other directly.”
This form of hijacking is often used to gain access to sensitive messages, or modify them.
Another form of cyber-hijacking is browser hijacking. This can occur in two ways. In one, the attacker will gain access to DNS records on a server, modifying them so that requests for the company’s site are redirected to a fake page that the attacker has created. This looks to the user as if the website has been compromised, when actually only the server is effected.
As the Law Enforcement Cyber Center note,
“in another type of web site hijack, the perpetrator simply registers a domain name similar enough to a legitimate one that users are likely to type it, either by mistaking the actual name or through a typo.”
The risk is that many users and clients will be unable to determine whether or not the misdirection has been caused by the business itself.
What’s the risk?
The consequences of cyber-hijacking can be severe. In 2004, computer hacking cost UK companies billions of pounds, and as Small Business reports, Richard Power, editorial director of the Computer Security Institute, stated that single instances of hacking may cost as much as $600,000 to $7m a day for online businesses.
Cyber-hijacking can also cause significant data loss and leakage, which for law firms can be disastrous. If your client information is compromised, your reputation will be tarnished and you could lose business.
Combatting the effects of cyber-hijacking retrospectively will also take up valuable time, particularly if you try to remedy the situation in-house, costing considerable amounts of employee time.
How to combat cyber-hijacking
As with any cyber security strategy, there are initial measures you can take in-house to prevent cyber-hijacking, such as resetting passwords and presenting credentials to account managers. However, if you want to ensure your company is protected from these risks by experts with all the specialism and technology required to prevent cyber-hijacking, contact us today on 020 3355 7334.