• Jaap Bosman

When disaster strikes, what do you do?



Do you remember how end of June 2017 business operations of Danish shipping giant AP Moller-Maersk, American pharmaceutical giant Merck, French construction giant Saint-Gobain, German consumer goods provider Beiersdorf, and many other companies were severely disrupted by an unprecedented cyber-attack? The total cost in lost revenue alone is estimated to have been well over a billion Euros.


It was not only large international businesses that were affected by the notpetya malware. On 27 June 2017, the Madrid office of DLA Piper was hit first and within hours, the entire firm was locked down across the world, unable to access phones, emails and other forms of communications. 3,600 lawyers in 40 countries were affected. They were without phones and without email.


The ransomware attack on DLA Piper sounded a different type of alarm for Big Law. The world’s biggest firms are just as prone to ransomware attacks as any other company, and the potential ramifications of a network-crippling malware infection are wide-ranging for a service industry that holds the legal fate of corporations in its palm.


Consider litigators unable to access motions on a deadline. Trial lawyers preparing for arguments without key documents. Transactional lawyers unable to communicate with clients attempting to close multibillion-dollar deals. And of course, anxious and possibly angry clients.


Perfect storm


24 March 2022, White House National Security Adviser Jake Sullivan has warned that a Russian cyberattack on a NATO ally could trigger a collective response: “We could see circumstances in which a collective response by the alliance to a cyberattack would be called by an ally,” said Sullivan. “That is absolutely something where we and other countries could bring capabilities to help a country defend itself and respond.”


Sullivan made the warning a day after President Biden said that “evolving intelligence” suggests Russia is “exploring” revenge cyberattacks for the sanctions imposed on the country following its invasion of Ukraine.


The possibility of cyber warfare has never been higher than it is right now. Given Russia’s reputation and track-record, the effects could be devastating. Of course no one knows what will happen. If it comes to Russian cyber-attacks, western critical infrastructure seems the most likely first target, but an orchestrated attack on businesses, or even law firms, can absolutely not be ruled out.


Any state sponsored sophisticated attack is a serious risk, but it is the combination with the present hybrid (or full-time) working from home, that creates a perfect storm. All high-end law firms are expected to have state-of-the-art cyber-security systems and policies in place. The problem right now is that such high-end defense systems have been designed for the office. When lawyers (and/or assistants) are working from home, the defense is seriously compromised.


Every kitchen table and every shared WIFI-point expands the surface of attack for a hacker to exploit. Structural remote communication by email, phone or Teams, increases the likelihood of clicking on an malicious link. Law firms need to be on extremely high alert!


Ultimately you cannot stop it


Russia is home to some of the most sophisticated hackers in the world. A state sponsored cyber-attack will exploit several zero-day vulnerabilities and will be able to bypass even some of the most high-end defense systems. Even if the attacks would be specifically targeted, there will most likely be a lot of collateral damage, due to the networks by which systems are interconnected. Law firms should not rely on their firewalls and virus-scanners. This is the time to perfect your response scenario and your contingency plan.


Does everyone at the firm know what the drill is, when a cyber-attack hits? For most law firms, the answer would be “probably not”. When the cyber crisis hits, you cannot afford to lose even a millisecond of time. The action needs to be immediate and operate as a well-oiled machine.


1. Draft a cyber-attack response plan*

2. Test the plan and improve if necessary

3. Rehearse until it becomes second nature to every single employee


Besides an established and well rehearsed response, a law firm also needs to have back-up and redundancy systems in place. A dual-server or a back-up server, is of little use, if they can both be down or encrypted at the same time. If email server is down, what is the alternative to communicate with clients? If all mobile phones are encrypted, is there an emergency supply of new out of the box replacements? Paper files, fax machines, a traditional landline, removable data storage, a typewriter, some of the redundancy and back-up systems will probably be antique by today’s standards.


4. Have ‘air-gaped’ back-ups of everything

5. Have redundant communications and production technology


Of all these measures, having a well-rehearsed response procedure is the most important. This must include a method for immediately notifying every single employee across offices that there is a situation in which the pre-practiced plan is in operation. You need to be able to do this if potentially all communications are down. You also need to communicate with your clients.


Time is running out. According to the latest military intelligence, cyber threat is imminent. I recommend that you have a critical look at your plan right now. Let’s hope you won’t need it.




*At TGO Consulting we are not IT or cyber security experts. We do have expertise on all aspects of crisis communication. Making a Cyber Attack Response Plan is teamwork by nature. Our experience and expertise will have added value in such team.