3rd August 2020
There have been several breaches that have come into the public domain recently – for the more athletic amongst us the Garmin services being down for several days would have been an inconvenience, but breaches have serious impacts for organisations.
It was recently reported that the cloud computing company Blackbaud was compromised by ransomware. In this case – and increasingly often – we see the attackers demands being paid in order to secure the data. Without debating the rights of wrongs of this practice, the risk/reward paradigm is compelling: attacks are proving to be profitable, and the chances of being punished remain minimal, a combination that emboldens these attackers and others.
What should you be doing about this breach and future attacks? Ideally, your contracts with third party suppliers stipulate that they must inform you as soon as a breach has been identified or suspected. It is wise to set up google alerts for each supplier so you are notified as soon as a breach becomes public, especially if your contract doesn’t include this clause. However, early knowledge isn’t always surefire protection: in the Blackbaud case, it appears the issue was identified in May and the company let their customers know in July – a long time for data to be mined and employed for nefarious purposes.
You should have clear and specific breach plans in place– some key questions to ask after a breach is identified include:
- Who is on the response team and what are their responsibilities?
- Are you insured, and if so have you contacted your insurance company?
- Do you have to report it to the ICO?
- Are you reporting within the 72 hour window?
- Do you have to let your contacts know?
- What about letting your suppliers know? Media?
With good planning the issue won’t go away but you can try and minimise the impact.
Earlier this month we held a special webinar on IT security for remote working. You can view the recording for tips on preventing fraud here.