These days, everyone is talking about cyber security. The topic was trending last year on Census night when the Australian Bureau of Statistics was forced to pull down its website as a result of a series of “distributed denial of service” attacks. Earlier in the year, Prime Minister Turnbull had announced that our reliable source of weather information, the Bureau of Meteorology, experienced a cyber attack in 2015. The PM softened the blow by unveiling $230 million of funding for a national Cyber Security Strategy.
Maybe because we don’t speak the language of cyber security – lawyers often make the dangerous assumption that IT professionals are best left to deal with cyber risks. But, as I explained in my post on cyber resilience, lawyers need to take a leading role in maintaining security in the digital age. Lawyers are desirable targets for cyber attacks and stand to lose a lot from a successful breach. In-house practitioners have an added burden: in their role as corporate gatekeepers, they are expected to stay active in mitigating risks for their organisations – and that includes cyber risks.
|Cyber security||The systems and processes used to protect computer networks from being attacked, disrupted, accessed without authorisation or otherwise damaged.|
|Malware||Short-hand for “malicious software”. It is a broad term that refers to a range of software programs developed to attack computer systems.|
|Ransomware||A type of or way of using malware for extortion purposes. When used for this purpose, it is common for the malware to lock a computer system. The target of the attack then needs to pay money if they want to access their computer system|
|Scareware||Another fraudulent tactic involving the use of malware. Here, the attacker will threaten the target, which is then tricked by the malware into buying software that is unnecessary or even harmful.|
|Trojan||A type of malware that borrows its name from the story of the Trojan Horse in Greek mythology. Just like the horse, the Trojan disguises itself as legitimate software that should be invited onto a computer. The target is then tricked into downloading the software, which is, in fact, harmful.|
|Virus||Another type of malware. Similarly to the use of the word in the medical context, a virus needs human action to spread.|
|Worm||Unlike a normal virus, a worm can reproduce without human intervention. It does so by exploiting weaknesses or ‘vulnerabilities’ in the operating system of a computer.|
|Distributed denial of service attack||This type of attack occurs when a large number of computers make simultaneous requests, with the aim of overwhelming a target system (like a website). A trojan is often on the scene to rally the computers involved in the attack.|
|Redundancy||Additional capacity in a computer network above what is needed for normal operation. The purpose of building redundancy into a network is to provide a fallback option if the network is unavailable for some reason. A bit of redundancy might be helpful if you’re facing a distributed denial of service attack.|
It Doesn’t End There
Understanding the terminology and the common forms of cyber attacks are the first steps in recognising any intrusion warning signs. Obviously, there’s much more to learn about cyber security than this short list of terms, but it’s an important first step. Lawyers in particular need to be proactive about understanding cyber risks and building cyber resilience for their businesses and their clients, due to the nature of their job as trusted advisors and protectors of privileged information.