Without a doubt, cyberattacks and data breaches are increasing, and 2022 is likely to be a record-setting year of attacks around the globe.
Research out of the United States found that phishing and ransomware are the top two root causes of data compromises. In New Zealand, there were 350 or more reported cybersecurity incidents, ranging from ransomware to distributed denial-of-service events.
From our experience of recently helping organisations following a ransomware attack, the perpetrators are agnostic when it comes to their targeted victims in New Zealand; all types of organisations are vulnerable to cyberattacks – from not-for-profits and advocacy groups to health boards and privately-owned firms.
In some cases, a ransom demand is made; in others there is evidence of an infiltration, encrypted files and removal of files but no ransom note.
The attack may be extremely sophisticated, so the target and forensic consultants are unable to determine which files have been removed and what their risk of exposure is.
Our role in a data breach
Wright Communications has been asked several times in the past year to support organisations that have had data breaches or ransomware attacks.
Urgency is normally a top priority, as the attack may have taken place days or weeks earlier and the organisation is pedalling fast in many directions to manage the issue. Generally, a range of IT and forensic IT supporters are involved, as well as insurance companies and insurance law specialists.
We use our reporting and listening skills to get to grips with the precise nature of the attack. We then quickly develop a stakeholder communications plan that addresses the needs of all stakeholders. An illegal data exfiltration from an organisation or business can impact a very wide range of stakeholders.
We provide advice on how to communicate the data breach to employees, customers, Board directors, and affiliated organisations.
Our next step is to draft media holding statements, releases, emails, and internal communications.
Given the uncertain nature of the attack, we often draft several media statements covering a range of scenarios, levels of public knowledge and levels of illegal file disclosures.
If customer, funder, or patient case files are impacted, phone calls need to be made and we draft talking points for those phone conversations.
Results
For commercial and privacy reasons, we are not able to disclose the names of organisations that we have supported. Mostly, they have managed their data breach well, have restored customer services and news of the breach has not reached the media.
Our key learning is that all organisations are vulnerable to ransomware and other data breaches, whether they choose to pay a ransom demand or not. And most choose not to.
For SMEs and NGOs, maintaining a high level of cyber security can be expensive or cost prohibitive. But it should be as important to the organisation as health and safety standards and systems.
It is vital that everyone, businesses and consumers alike, continues to practise good cyber-hygiene to help reduce the amount of personal information flowing into the hands of cyberthieves.