RANSOMWARE ATTACKS in the UK have reached a record high, with the data of more than 5.3 MILLION people compromised from 700-plus organisations.
Sony has been reputedly involved in a ransomware attack by RansomedVC which, if confirmed, will be the second ransomware attack on the company in a matter of months.
The ransomware gang have stated that Sony refuses to pay the ransom and so are threatening to sell it on September 28. In the past, RansomedVC have asked for between $54,000 and $218,000 in ransom, which they state is cheaper than a GDPR fine.
A GDPR fine for Sony could set them back €20 million or 4% of annual global turnover, whichever is highest. In this case, 4% of Sony’s annual turnover would be $3 billion.
Administrators of KNP Logistics Group, parent company of Kettering-based Knights of Old, which went into administration on Monday (September 25), said that a ransomware attack on the company in June had caused “significant disruption” and was a major factor behind the collapse of the business.
Compliance training service Skillcast is warning that SMEs face heightened vulnerability due to weaker security infrastructure and advises owners of small and medium-sized businesses to prioritise their cybersecurity.
SMEs are often seen as easier prey for malicious actors, says Skillcast, and the rising threat of ransomware attacks can often cripple smaller organisations.
Skillcast have provided ten essential safeguarding tips that SMEs should consider:
- Regular Backups: Frequently back up critical data to offsite locations. Ensure backups are secure and regularly tested for restoration.
- Educate Staff: Train employees on recognising phishing emails and suspicious links. Employee awareness is your first line of defence; without this training, staff may not know what to be aware of and can fall prey as phishing emails become increasingly sophisticated.
- Update Software: Keep operating systems and software up-to-date with security patches. Cybercriminals often exploit outdated software as it is easier to bypass.
- Multi-Factor Authentication: Implement MFA wherever possible. It adds an extra layer of security against unauthorised access and will often deter cybercriminals as they search for easier targets.
- Network Security: Invest in robust firewall and intrusion detection systems to monitor network traffic for anomalies.
- Incident Response Plan: Develop a comprehensive response plan for cyber incidents and make sure employees know what to do when an attack occurs. This can help a business effectively mitigate, contain, and recover from cyberattacks.
- Cyber Insurance: Consider obtaining cyber insurance to mitigate financial losses in case of an attack, as this can provide a safety net for unexpected expenses associated with system compromises.
- Employee Access Control: Limit employee access to sensitive data to only what is necessary for their role and have a system in place to regularly review and update access permissions.
- Regular Audits: Conduct regular security audits and penetration testing to identify vulnerabilities proactively. This is essential to help a business understand weak spots that cybercriminals may find easier to target.
- Stay Informed: Stay updated on the latest cybersecurity threats and trends. The landscape can evolve rapidly, with new threats emerging and attackers constantly adapting their tactics to exploit vulnerabilities.
If Sony or any company were to face a GDPR breach, there are a number of factors that influence the size of the penalty:
- Gravity, nature & duration of breach;
- Personal data categories affected;
- Negligent or intentional infringement;
- Actions taken to mitigate the damage;
- Degree of responsibility of data controller/processor;
- Previous data breach infringements;
- Cooperation with supervisory authorities;
- Aggravating or mitigating factors (e.g. financial benefits gained from the infringement).
For more information on compliance audits and training, visit the Skillcast site.