Posted In: Cybersecurity & Data Privacy & Cybersecurity & Data Privacy
Industry: Technology

Corporate TIPS: UPDATE - Cyberattack on Microsoft Demonstrates Importance of Incident Response

By Craig S. Horbus & Jarman J. Smith on October 1, 2021

October 1, 2021 Update: The original content of this blog was published in Brouse McDowell’s Corporate TIPS blog “Cyberattack on Microsoft Demonstrates Importance of Incident Response Plans” on April 28, 2021.

A wave of highly disruptive cyberattacks have rattled organizations, businesses, agencies and bureaucracies throughout the world. These kinds of attacks can continue to be expected as the frequency and impact of cyberattacks increase. For instance, between 2019 and 2020, cyberattacks rose by 62 percent worldwide.¹ No organization is safe from the risk of a cybersecurity incident, and it is not a matter of “if” an organization will experience a cybersecurity incident, but rather “when” an organization will experience a cybersecurity incident. Examining the response efforts of organizations that have experienced a cybersecurity incident can highlight the importance of conducting proper pre-breach planning in order to establish appropriate cybersecurity incident response procedures ahead of time.

Cybercriminals Exploit Microsoft Security Vulnerabilities

In 2021, tens of thousands of Microsoft customers, including many based in the United States (U.S.), fell victim to a cyberattack orchestrated by a group of hackers from China known as Hafnium. Businesses and government agencies in the U.S. that use Microsoft’s email service were affected as the hackers launched an aggressive attack that initially began back in January of 2021. The hackers escalated their attack between the end of February and March 3, 2021 to reach at least 30,000 Microsoft customers in response to Microsoft’s move to repair its exploited vulnerabilities.² Motivated by fear that the attack could have far-reaching impacts on even more consumers, public officials issued an emergency warning that urged federal agencies to patch their systems.

The hackers exploited vulnerabilities in Microsoft’s Exchange program, which is the company’s mail and calendar server. Exchange has a broad range of users, including many small businesses, local and state governments, and even some military contractors. The cybercriminals were able to steal consumer data, including emails, and install malware to survey the activity of their targets by exploiting a bug that allowed them to access email servers without a password.

To escalate the attack, the hackers later used online stealth tactics to weave together multiple vulnerabilities of Exchange to impact a broader group of victims. The cybercriminal group targeted as many victims as it could, even large credit unions, as it exploited flaws that were previously unknown to Microsoft.

Microsoft worked closely with the U.S. Cybersecurity and Infrastructure Security Agency, other government agencies, and independent cybersecurity companies to handle the aftermath of the attack and provide mitigation for its customers. When the attack on Microsoft was disclosed, a multitude of additional hackers not affiliated with Hafnium began exploiting the exposed vulnerabilities to target organizations that failed to promptly patch their systems. Microsoft’s swift response to the attack and its ability to do so can be attributed to the company having adequate cybersecurity and incident response plans in place, and properly executing those plans.

Benefits of Progressive Pre-Incident Response Planning

As the latest attack on Microsoft demonstrates, it is critical that an organization can identify and promptly respond to security incidents and events. To do so, organizations will need to have an incident response plan in place to mitigate the risks of being a victim of a cyberattack. Incident response plans outline what constitutes a breach, the roles and responsibilities of an organization’s personnel during a breach, steps to be taken to address the incident, methods of investigation and communication, and the notification requirements following. Three essential benefits an incident response plan can provide to an organization include:

1. Protection of Your Data – Your organization can proactively protect its data by following an updated incident response plan. If malicious actors get ahold of your organization’s data via ransomware, they could demand a ransom for its return or leak the information to the public. Protecting data assets through incident response procedures includes securing backups, leveraging logs and security alerts to detect suspicious activity, property identification and access management to avoid in-house misconduct, and heightened attention to patch management.
2. Protection of Your Revenue – An effective incident response plan mitigates your organization’s risk for loss of revenue. When the average cost of a data breach is $4.2 million,³ it’s hard to argue against the need for an incident response plan. Your organization’s revenue is at risk during any data breach, and both small and large organizations could be crippled by the high costs associated with a breach, including costs for legal, remediation, forensic investigation, and regulatory and compliance fines. 
3. Protection of Your Professional Reputation – Having an incident response plan in place may increase consumer trust and confidence in your organization. According to the International Data Corporation, 78% of consumers would take their business elsewhere if directly affected by a data breach.⁴ By following a detailed incident response plan, in the event of a breach, an organization could reduce the risk of impacted individuals and therefore retain a larger base of its customers.

The cyberattack on Microsoft should serve as a reminder that no industry, no profession, and no organization is safe from the risk of a cybersecurity incident. However, steps can be taken to reduce your exposure to attacks and to mitigate risks in the event of a data breach. It is best practice that you develop a plan to respond to such cybersecurity incidents.

How Brouse Can Help

Brouse McDowell’s Cybersecurity and Data Privacy team can provide the guidance and tools you need to establish and maintain relationships with cybersecurity experts and ultimately improve your organization’s network security. We also provide proactive solutions for companies to defend against cyber-attacks. Our cybersecurity team offers a variety of data privacy and cybersecurity services, including pre-breach and cybersecurity planning, cybersecurity and data privacy transactional services, data regulatory compliance services, breach response and disclosure obligation services, cyber liability insurance review, and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery and response). Please contact us for more information and to learn how we can partner with you.

This blog is intended to provide information generally and to identify general legal requirements. It is not intended as a form of, or as a substitute for legal advice. Such advice should always come from in-house or retained counsel. Moreover, if this Blog in any way seems to contradict advice of counsel, counsel's opinion should control over anything written herein. No attorney client relationship is created or implied by this Blog. © 2023 Brouse McDowell. All rights reserved.

Share Article Via