Security - Beware of the dark

Until recently cyber criminals would demand money – a ransom – for the ‘safe’ return of data belonging to an organisation. Now the threat has turned into blackmail, as organisations are being asked for a payment in return for the criminal not sharing sensitive information about the company. That type of information might be key financials or customers’ personal data.

Interestingly, these criminal activities have increased significantly in the aftermath of the introduction of the GDPR and other similar regulations worldwide, particularly because of the huge fines now in place. Prior to the GDPR, the maximum fine was £500,000. Now it is 4% of a business’ global annual turnover or €20 million, whichever is the greatest.

This means that if a cyber criminal has captured some key data from an organisation, the company may be left in the precarious position of paying both the blackmailer and the regulator – or perhaps just paying the blackmailer and hoping for the best…

Crooks who were simply encrypting a company’s data have recently found their crimes more difficult to pull off. Some organisations simply won’t pay cyber terrorists – for ethical reasons or because this will simply encourage them to keep coming back. Also, does paying the money even guarantee that a company will get that data returned?

At the same time, organisations have realised the importance of implementing good back-ups and disaster recovery plans – which means they are more likely to be in the fortunate position of recovering large amounts of data in any case, without paying for it to be returned. Hence the reason that criminals are now turning to blackmail.

Stealing sensitive data about a company and threatening to release it into ‘the wild’ has huge implications for businesses not only in terms of fines but in terms of reputational damage too.

In addition, ransomware operators are also apparently not only holding this information to ransom and threatening to tell a regulator but some are auctioning their victim’s data on the dark web if the owner doesn’t pay up!

What can a business do to protect itself? It’s interesting to note that a simple ransomware attack happens in minutes, as malware is employed and data is encrypted. A more modern capture of sensitive data can take longer, sometimes months. This does give companies time to nip it in the bud but they need to know it’s happening to do that.

Having good security is important but an organisation needs to be proactive, not simply relying on alerts from anti-virus software or other security solutions. It’s key to proactively look for signs of any intrusions, such as gigs of data suddenly flowing into an unusual IP or domain.

When it comes to any sensitive data within a company, it is super important to be careful about where the data ‘at rest’ is held. The more locations it sits, the more difficult it is to protect it. If a company has lots of silos of data, that’s not good.

When it comes to data storage, it is sensible to store it in the company’s CRM rather than on the website, keeping any personal information held on a website to the absolute minimum. At Lake Solutions we can help you with this, by changing the way data capture happens on your website, making it harder for criminals to steal your data.

If you’d like to know more about how Lake Solutions can support you to be cyber safe, then get in touch.

Article Details

Ian Jepp
07 October 2020