Accenture and T-Mobile are the latest victims of cybercrime making the headlines. But according to a recent study from IDC, they’re not alone. More than a third of organizations worldwide were hit by ransomware or a data breach that blocked access to data in the last 12 months. And most of the victims of ransomware have experienced multiple attacks.
Ransomware has become the enemy of the day, demanding organizations of all sizes to pay a ransom to restore access to corporate data. While the average ransom payment was almost a quarter million dollars, a few large ransom payments of more than $1 million skewed the average, according to IDC.
The use of third party vendors to perform key business activities such as accounting, development, or storage might also increase the risk of data exposure via a third party data breach if not handled properly. Kaseya and SolarWinds are some of the most recent examples.
The latest big headlines on ransomware and data breaches below are just a reminder of the devastating effects a cyberattack can have for a business. So the important question is: How to stay ahead? Read on for the top tips on protecting your organization.
The global consulting firm Accenture has recently confirmed it suffered from a cybersecurity incident, though it claims the attack had no impact on its operations or clients’ systems.
“Through our security controls and protocols, we identified irregular activity in one of our environments,” said Accenture spokesperson Stacey Jones in a statement. “We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture's operations, or on our clients' systems.”
While the firm didn’t explicitly classify it as a ransomware attack, media outlets such as CNN have reported that the LockBit ransomware gang claimed responsibility. LockBit has been operating since 2019, leasing its malicious software in a ‘ransomware-as-a-service’ or RaaS model. Third-party criminal affiliates who use it receive a share of ransoms in exchange for planting the code onto victim networks.
Earlier this week, a seller in an online forum claimed to have 100 million personal records of T-Mobile customers, of which 36 million were unique. The data was put up for sale for six bitcoins, worth about $286,000, and reportedly includes Social Security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver license information.
After conducting its own research, T-Mobile confirmed that ‘unauthorized access to some data occurred’, however they have not yet determined if there’s any personal customer data involved.
According to SC Magazine, the attackers presumably gained backdoor access. This is usually after exploiting a vulnerability or using social engineering to trick an employee into installing an infected file that grants them access. Once inside the network, they can move laterally to locate sensitive data to encrypt and kick off a ransomware attack, or exfiltrate to the web.
The Memorial Health System, a non for profit in Ohio, was hit by a cyberattack on August 15. What makes this case concerning and resonant is its impact on people’s lives: the facility had to operate under electronic health record downtime procedures and divert emergency care patients.
According to their statement, "No known patient or employee personal or financial information has been compromised". The organization continues to work with IT security experts to investigate and remediate the issues.
Memorial Health System was the third victim of ransomware in the US health system in the last two weeks. Downtime and system disruptions go beyond interrupted business processes; they bring serious challenges and devastating impacts to healthcare.
Ransomware will keep evolving in sophistication, elevating privileges and avoiding detection, in order to exfiltrate data and extort organizations. The silver lining is greater awareness has prompted companies to take action.
If you're looking to build a TPRM program or scale one to be more effective, read this guide before you get started. It compiles the five biggest tips for building a scalable process, from mapping to continuous monitoring and analysis, that will save your organization time.
|cookielawinfo-checkbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checkbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|