With high-profile casualties including the NHS, FedEx, Nissan and Hitachi, 2017 was dubbed the ‘year of the cyber-attack’. If one good thing came of the attacks, it was the increased importance of security in the light of the upcoming General Data Protection Regulation (GDPR)…
With more than 3 billion records breached in 2016, cybercrime is on the rise. Unfortunately, the arrival of GDPR is likely to increase the threat. Why? Because hackers may use the regulation as leverage to extract a ransom, with companies preferring a payoff to GDPR fines.
The Uber hack is a good example of this. In this case, cyber criminals blackmailed Uber into paying over £750,000 to keep the data breach of 57 million records a secret. Had this occurred after May 25, Uber would have had to pay twice: once for the attack itself and again for the cover-up. And you wouldn’t want to imagine how many £s that would add up to!
The key lesson learned here is that paying the ransom doesn’t guarantee that your files will be returned undamaged. In fact, only 45% of UK businesses that have paid have successfully gained access to their files. But more importantly, GDPR fines will be unavoidable: Uber’s secret came to light anyway.
When it comes to breaches, the Information Commissioner’s Office (ICO) requires you to put adequate measures in place to prevent a breach. FYI, this is a great starting point if you haven’t already started reviewing your processes and data management ahead of GDPR. Of course, there’s always the possibility of an unwanted attack, but if you’re already taking steps to prevent this (such as robust security solutions), then that’s half the battle!
To protect your business against ransomware, you should invest in backups and data encryption. Doing so limits the effectiveness of an attack, as sensitive data is not available to hackers and files can be easily restored.
Hackers can now skilfully replicate emails that appear to be from your bank, insurance provider, supervisor or co-worker. With those tips it might be easier to eliminate the threat:
As prevention is usually better than the cure, using spam filters will also reduce the amount of spam and phishing emails.
Despite the known risks of software vulnerabilities, most companies have unpatched security flaws in their infrastructure, including servers, desktops and laptops. As an example, the patch that could have prevented the WannaCry attack was released 59 days before the outbreak occurred. As a result, organisations like the NHS were affected, with significant disruption to services.
Applying software patches automatically closes that open window before a hacker can use it to access your network.
People still represent the biggest security risk and, according to research, 95% of cyber security breaches are due to human error. From misaddressed emails to stolen devices and clicking on phishing emails, mistakes can be very costly.
Fortunately, there is a way to prevent most of those nasty attacks. Cybersecurity awareness training ought to be an ongoing exercise – one-and-done won’t suffice. People have short memories, so repetition is the key when it comes to cyber security.
This blog post should not be relied upon as legal advice on how to comply with GDPR. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies specifically to your organisation, and how best to ensure compliance.