2021 10 19, 09:31

I. Kirklytė. What is a cyber incident and how to handle it?

As many companies moved part or all their business online, it has become crucial to start being increasingly concerned about aspects of online security as soon and as responsibly possible and take the necessary measures to ensure security. It is vital not only to be aware of the ways to protect against cyber attackers, but also how to handle a cyber attack or what might be at stake if a company fails to take appropriate measures.
Irma Kirklytė
Irma Kirklytė / Sorainen

Different companies are subject to different requirements

To gain a better understanding of the dangers online, it is necessary to find out about the different types of such attacks that may occur. Companies are most often exposed to malware, such as Trojans (Trojan horses), ransomware and other viruses that are likely to be distributed not just on websites, but also by email or even via social networks and mobile apps. Likewise, businesses often suffer from the so-called phishing — data dredging (spoofing) — a situation where fake websites are created attempting to extract confidential information. More serious cyber criminals may also attempt to hack into the company’s information systems directly.

It is interesting to note that although every company may encounter these issues, not all of them are, and not in all cases, will they be under the obligation to notify the National Cyber Security Centre, the State Data Protection Inspectorate and the police. Following the provisions of the Law on Cyber Security, cyber incidents must be reported by those companies that control or manage public information resources, e.g. the Centre of Registers. Furthermore, such an obligation lies with those that manage critical information infrastructure, provide public communication networks or public electronic communication services, or offer electronic information hosting services and digital services, such as telecommunications companies, data centres and many others. Incidentally, digital service providers only report major cyber incidents, while those companies which voluntarily report incidents do not have to assess the magnitude of the impact the incident has caused.

The reporting deadlines are also different: in the case of a major incident experienced by a company, the National Cyber Security Centre must be notified no later than within one hour after the incident is detected. Where there has been a moderate cyber incident, it must be reported within four hours of its detection at the latest, for minor incidents, periodically on the first day of the calendar month. What type of incident has occurred must be determined by the degree of disruption it caused to the service, the number of affected service recipients or computerised jobs, the losses, and the fact whether there has been breach of confidentiality and integrity of communications and the information system. All of the above come from the publicly available National Cyber Incident Management Plan. Furthermore, it is worth remembering that even a company under no obligation to report an incident may voluntarily contact the National Cyber Security Centre to help tackle the situation.

Reputational and financial damage

Ignoring cyber threats these days is highly irresponsible as the damage caused by a cyber incident measures not only in the lost data or disruption of website operations, but also financial losses. Cyber attacks may have serious economic implications, including stolen financial information such as bank or payment card details and money, disrupted trade or even lost business. What is more, repairing the affected systems, networks and devices will also come at a cost.

In the event of a cyber incident, the company will most certainly suffer reputational damage too. After all, this weakens trust and willingness to cooperate and may lead to a loss of customers and a decline in profits. It is important to note that cyber incidents frequently also come with legal implications: the laws require that the available data of staff and customers be processed in a responsible manner and their security be ensured. So the companies that fail to do so face fines, constraints and legal proceedings for damages in courts.

Breaches of the Law on Cyber Security – failure to act in a timely manner, failure to cooperate with the authorities or to provide them with information, or ignoring their instructions – may entail a fine of up to EUR 1,950 imposed. However, this is nothing compared to the situation where a cyber attack has been carried out in conjunction with a personal data breach, which must be reported to the State Data Protection Inspectorate and, in certain cases, to the victims themselves, no later than within seventy-two hours after becoming aware of the breach.

Depending on the circumstances in each individual case, a company may be fined up to 4% of the corporate group’s total annual global turnover for the previous financial year. And it does not end there, as in situations where it comes to data leaks, there is a risk of individual or group claims for damages being brought. Knowing all this, it will probably be easier to make the decision on what investments in security are worthwhile, in particular, given the fact that businesses occasionally fail to recover after huge fines and reputational shocks.

What helps protect against cyber attacks and how to handle them?

A cyber attack, which had taken place, will not necessarily become known; in certain cases a cyber criminal will only need specific information they are not intending to sell or make public. That aside, encryption ransomware attacks are the most frequent where a ransom is demanded to prevent the publication of stolen data. A ransom may be also claimed by cyber thieves for the data to be unblocked. There are different views on how this should be handled and there is never any certainty as to whether access or data will be recovered when the ransom is paid.

In order to prevent such incidents or minimise their damage, it is advisable to have a separate encrypted access to the data and an action plan on how to liaise with the public, customers and partners whose data have been leaked or blocked. Contacting the National Cyber Security Centre is always an option as it has developed guidelines on how to deal with and protect against a cyber incident.

For prevention purposes, companies are advised to adhere to the principles of creating and using secure passwords, having strict access control and multi-step authentication, in addition to having a secure wireless network installed. It is also recommended that the HTTPS protocol, antivirus software and a firewall be installed, the software be constantly updated and data backup available. The human factor is also of importance, i.e. that the company’s staff are made aware of cyber risks and that training encourages them to be attentive or they separate work and personal devices. Moreover, it is advisable to take steps to prevent data leaks, encrypt sensitive data, carry out regular cyber hacking tests and have cyber risk insurance cover in place.

Leave the interpreting to us! Translated by Pasaulio spalvos

Report mistake

Successfully sent

Thank you


Lithuanian producers of EPS on the way to circular economy
Gilužio Rivjera by the real estate company Homa – hundreds of apartments and millions in investment
Capitalica fund successfully issued bonds amounting to EUR 5 million to finance the Verde project in Riga


State Progress Strategy 'Lithuania 2050': will Lithuania become the 'Silicon Valley' of social enterprise?
Citus Experts: Planning to Furbish or Brush Up your Home Interior? Get Ready for a Brutal Run
How do the country's most desirable employers nurture IT talents?


Ramūnas Vilpišauskas. The president’s achievements in Brussels were modest
Laurynas Jonavičius. Will the new German government’s foreign policy coincide with Lithuanian interests?
Eastern Partnership ‘beyond westlessness’: a new momentum for the European integration


Taiwanese Minister Ming-hsin Kung – about Lithuania’s strengths and the two countries’ looming plans
The double standards of “values-based policy”: Lithuania did not join the condemnation of Turkey
Behind the scenes of ambassadorial appointments: Seimas looking for clarification on continuing questioning at the Presidential Palace