There’s no data volume too small to cost businesses over a million dollars when a cyberattack occurs. While ransomware and phishing attacks continue to be significant threats, the landscape is rapidly evolving, and businesses can ill afford to be caught on the back foot.
“We saw a breakdown in the threat actor marketplace when war broke out in Ukraine. It had a short-term effect of reducing [ransomware] events we were seeing on a global scale. At the same time, it also introduced many fractured smaller groups,” observed Mike Sarlo (pictured), chief innovation officer at HaystackID, a specialized eDiscovery services firm.
These minor cyber threat actors started aiming for smaller organizations, but they don’t operate with the same business acumen as larger criminal groups, Sarlo noted.
“Some of the rules of engagement have changed, where you don’t know that if you do pay the ransom, your data won’t be leaked on the internet or if you’ll get a decryption tool back. There’s a lot of uncertainty with who we’re dealing with as an adversary,” he added.
To help organizations tackle this dynamic cyber risk landscape, HaystackID has launched its new global advisory practice, consolidating the firm’s consulting branch to provide more comprehensive management for its corporate clients. The alternative cyber and legal services provider serves more than 500 of the world’s leading corporations in North America and Europe, including over half of the Fortune 100.
Sarlo explained the rationale for creating the global advisory group: “We began to find that our offerings – be it in privacy, information, governance, cybersecurity and incident response, or managed services – tended to have overlapping outcomes. Organizing into a single stream to provide our services is unique in the consultancy world. It’s allowed us to offer more holistic programs for our clients to tackle multiple offerings, often the same conversation.”
HaystackID’s industry experts and teams are organized into four dedicated practices. Together, the practices provide solutions for every aspect of an organization’s complex legal and cyber risk needs.
The cyber discovery and incident response services, led by Sarlo, arm organizations with end-to-end reactive capabilities to identify sensitive data during a cybersecurity incident. The knowledge enables organizations to respond to regulatory risk from personal data compromise.
The privacy and compliance group helps clients to maintain individual privacy rights, preserve data integrity, and comply with developing privacy regulations.
The global information governance advisory group empowers organizations to prepare for litigation, regulatory requests, and investigations through a comprehensive data strategy.
Finally, the enterprise-managed solutions group is HaystackID’s longest-running practice and offers programs to mitigate legal costs, systemic security risks, and increased scrutiny related to electronic discovery and compliance.
Additionally, six other specialty groups are offering cross-functional support: artificial intelligence and data science; cyber investigations and custom data solutions; digital forensics and expert witness testimony; enterprise systems and technology; reporting visualization and customization; and HaystackID’s ReviewRight services: technology and security.
“We lead the charge on best practices from a regulatory workflow and defensibility standpoint. We help clients create a defensible process because a breach today could be litigation two years from now. The way that we tackle these issues significantly reduces the risk of litigation downstream,” Sarlo said.
With data breaches costing organizations millions of dollars per year, businesses should be prepared not just from the cybersecurity front but for all scenarios, including legal repercussions. Cybercriminals are also constantly developing new tactics, malware, and encryption methods, of which businesses should stay one step ahead.
“Last year, the landscape evolved into organizations doing what we call ‘big game hunting,’ where different actors and subcontractors were all working to take down major targets,” Sarlo told Insurance Business.
“After the Colonial Pipeline (ransomware attack), we saw authorities on a global scale stepping up their response. These groups realized they needed to change their tactics. Their profile was too large, and the geopolitical risks for miscalculation became too high.”
This shift saw cyber threat actors temporarily set their targets on European and UK businesses during Q1 and Q2 of this year, but now things are switching back. “There was somewhat of a reprieve. We are seeing the activity rise significantly again,” Sarlo warned.
