Preparing for Evolving Cybersecurity Threats

By , and on April 15, 2024
Posted In Uncategorized

The recent ransomware attack against the Duvel Moortgat Brewery demonstrated the very real risk that cybersecurity incidents pose to the alcohol industry, reportedly halting operations for several days at four of Duvel Moortgat’s facilities in Europe and the United States. This attack comes after other major alcohol producers experienced disruptive ransomware attacks in the last several years. Incidents like these can be devastating for a company’s business and reputation, and hackers’ strategies are constantly evolving to maximize their damage. But companies can be prepared with an information security program designed to prevent successful attacks and quickly respond if one occurs. Experienced partners such as McDermott are critical resources throughout this process, enabling companies to better update and fortify their security programs.

The Growing Threat of Attack

Hackers have extorted companies through ransomware attacks for decades, but hacker strategies have evolved to increase the risks to companies, often resulting in a larger ransom for the hacker. A “ransomware” attack traditionally refers to a strategy in which a hacker gains access to a victim’s computer system, encrypts the information on those systems and demands a ransom payment to unlock that information. Victims may try to avoid paying the ransom by restoring most of their systems from backups, but hackers have recently introduced additional strategies that can complicate that recovery. Today, hackers often try to steal the victim’s information before encrypting it on the victim’s system, so that they can sell or publish the information if the victim refuses to pay the ransom. Hackers also may try to “corrupt” backups so that the victim cannot effectively restore its system without the hacker’s assistance. One ransomware group, AlphV, says that it also reports its publicly traded victims to the US Securities and Exchange Commission if they don’t pay the ransom.

Determining whether to pay a ransom is a complicated decision, with either choice presenting notable risks. The ransom will likely be expensive and must be paid without any guarantee that the hacker will make good on its promises. The decryption software or key may not work, or the hacker may not delete information. One hacking group, LockBit, is believed to save victims’ information after their ransoms are paid despite promising to delete it. The hacker may be willing to negotiate a lower payment amount, but doing so takes valuable time while the victim’s systems likely remain nonfunctional. The hacker may be under sanctions, in which case paying the ransom would be illegal and could result in a fine for the victim. Paying the ransom rewards the hacker, which may increase the risk that the hacker targets the victim again. There is rarely a clear path back to safety after a successful breach, so it is important that the victim make an efficient, informed decision.

Opportunities for Preparation and Prevention

Companies can minimize these risks by maintaining a security program designed to prevent incidents from occurring and to effectively respond if they do occur. The security program should utilize administrative, technical and physical security policies and procedures to enable personnel to detect and report actual or suspended incidents, aggressively monitor the company’s systems for suspicious files and behavior and protect the company’s facilities from unauthorized intrusions. The security program must be regularly tested and updated to identify weaknesses, implement appropriate detection and response solutions, and plan for evolving hacker strategies and business demands. Incident response plans should be regularly tested to ensure that they accurately reflect the company’s resources and priorities and that the responders are prepared to execute the plan if necessary.

Companies should also leverage third-party professionals to improve the effectiveness of their preparation and response. These partners can provide specific knowledge and perspective to help the company appropriately plan for an incident without needing to experience an incident first. For example, an experienced law firm such as McDermott can advise the company on its legal obligations, help identify and address risks in a security program, and investigate and respond to an incident, all while protecting the company’s privilege. By leveraging this support early, a company can find and address its weaknesses before they are exploited, better understand other companies’ approaches to these issues, and ensure that its partners are aligned on the company’s priorities. In the event of an incident, an effective third-party partner can efficiently advise victims on their obligations, options and risks; provide additional resources for a busy team; and help prioritize response activities based on the needs of the business.


Cybersecurity incidents can quickly become expensive, complicated and devastating for victims. Hackers are continuously improving their methods for obtaining larger ransoms, and after an incident has started, the victim often has no way of ensuring that it can completely remediate the problem. Companies can limit their risks by instituting systems to protect against threats and prepare to respond to any incident that arises. Companies should also consult with external professionals regularly to evaluate and improve their protections and ensure that their security program does not become outdated.

David Sorenson
David Sorenson focuses his practice on global privacy & cybersecurity matters. David has experience assisting companies in responding to client and vendor data breaches. Read David Sorenson's full bio.

Michael Morgan
Michael (Mike) Morgan is recognized as one of the nation’s leading lawyers in cybersecurity and data privacy. He has guided clients through some of the largest and most complex data breaches, breaches involving more than 50 million records, incidents affecting persons in over 100 countries around the world, and incidents involving sensitive defense-related information. He counsels clients on compliance with US and international regulations relating to cybersecurity and data privacy, including compliance with the California Consumer Privacy Act (CCPA), the EU’s General Data Protection Regulation (GDPR) and China’s Network Security Law. Mike leads the Firm’s global privacy & cybersecurity practice.Read Michael Morgan's full bio.

Alva C. Mather
Alva Mather is the global head of McDermott’s Regulatory Practice Group and a member of the Firm’s Management Committee, and heads the Alcohol Regulatory & Distribution Practice. As a nationally recognized go-to lawyer for alcohol beverage regulatory, commercial and M&A matters, clients say that Alva “comes to the situation with clear leadership and strong knowledge of the food and beverage industry.” She combines her extensive knowledge of the commercial and legal landscape as well as deep understanding of the beverage industry to help clients mitigate risk, respond to challenges, and capture and pursue new business opportunities. Read Alva Mather's full bio.