“There are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
Former FBI Director
We’re pleased to introduce a newly created strategic partnership between Campolo, Middleton & McCormick, LLP and Flexible Systems to fully service the business community’s legal and technological needs when it comes to cybersecurity. We seamlessly work together, and with you, to help you recover from an attack and plan for remediation; assess your unique legal risk, obligations, and reporting requirements; reduce your risk of falling victim to a cyber attack in the first place; and give you valuable peace of mind.
Learn more about how we work together to handle critical cybersecurity matters in this real-life case study.
Method of attack: Spoof email
How they did it: A client fell victim to a phishing attack by unknowingly downloading malicious software from a spoof email. The software allowed the attacker to penetrate the client’s system and access all incoming and outgoing emails. Eventually, the hacker came across emails calling for a wire transfer of significant funds to be made in connection with an upcoming transaction. The hacker then sent an email – which appeared to come from one of the client’s senior executives – to the company that was supposed to wire the funds to our client. The email contained fraudulent wire transfer instructions in an effort to trick the company into wiring the funds to the hacker’s account rather than our client’s account.
The damage: Fortunately, the company who had received the fraudulent wire instructions sensed something was off and contacted our client before wiring the funds. While the loss of significant funds was averted, the client’s sensitive corporate materials had still been in the hands of the hacker for months.
The response: The client called CMM immediately upon discovering the attack. As a strategic partner, CMM contacted Flexible right away and entered into agreement whereby the parties would work in concert in response to the attack, with CMM directing Flexible with regard to the legal issues involved. (Such an arrangement can help preserve attorney-client privilege should the attack ever become the subject of future litigation.)
Flexible deployed a response team the very same day to ensure the client’s systems were locked down, mitigate against further data breaches, and analyze the attack vector to create a timeline and investigation report detailing exactly what happened, how, and when.
This investigative information was crucial for CMM to then analyze and advise the client on what, if any, legal reporting obligations exist. CMM determined that the client would need to inform its primary regulator of the breach and worked with the client to meet their legal obligations without causing undue alarm.
The takeaway: Many business owners and executives believe they are “too smart” to be fooled by spoof emails and other ploys that hackers use to gain control of your data. Others believe that data breaches affect only major public companies with millions of customers, or small mom-and-pop businesses with owners too naive to properly safeguard their data. But in this case, the victim of the cyberattack was a sophisticated, mid-size technology company led by some of the most brilliant minds in the industry – demonstrating that no one is immune to a cyberattack and that businesses must remain vigilant and proactive.
After the dust settled in this case, CMM and Flexible continued to work with the client to conduct a more thorough risk assessment and strengthen their cyber defenses from both a technical and policy standpoint.
Contact us today to see how we can help you.