If you were following the news at the weekend, you will have undoubtedly heard of the enormous ransomware attack which hit the Florida-based company, Kaseya – an IT management software provider.
This ransomware spread to its managed service providers, which in turn has endangered thousands of clients globally who rely on these services.
For example, 500 Co-Op supermarket stores in Sweden have been forced to close, and nine schools in New Zealand are also reporting some form of disruption, to name a couple.
According to the Ponemon Institute, 60% of US and UK companies have experienced a data breach caused by a vendor or third party.
As with most crime, the motive is money. Criminals use the “backdoor” they create to steal information, such as personal and financial customer data. This theft can be masked by encrypting the victims’ data to hide what exactly may have been taken. The criminal then demands money for the decryption keys. In the case of Kaseya, REvil, the organisation behind the attack, is now demanding a $70 million ransom for the decryption key.
Although big businesses are usually the overall target, this is a sobering reminder that organisations, no matter what size, should take steps to limit risk and safeguard their networks and customer base.
What can SME businesses do?
· Make sure that your business is as cyber resilient as possible. Joining the WCRC and achieving Cyber Essentials is a great first step if you are not sure about how to start.
· Know who your suppliers are and ask them about their security. Look for businesses who have a cyber resilience accreditation, such as Cyber Essentials.
· Ensure that your suppliers only have the access that they require. Assume that your supplier will get compromised: what is your plan when this happens?
· Review what damage could be done if your suppliers are compromised. Is there any way to reduce the impact? Consider running business continuity exercises to test your business's response.
· Have a monitoring system in place to alert you if your anti-malware software shuts down. Do you know how to check if yours is running?
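One way to answer that last question on a Windows machine, as an added example that is not part of the original article. It assumes Microsoft Defender Antivirus is your anti-malware product (a third-party product needs its own vendor's status check); the function name Test-AntiMalwareHealth and the three-day signature threshold are illustrative choices.

```powershell
# Added example. Assumes Microsoft Defender Antivirus on Windows 10/11 or Server 2016+.
# Test-AntiMalwareHealth and $MaxSignatureAgeDays are illustrative names.
function Test-AntiMalwareHealth {
    param([int]$MaxSignatureAgeDays = 3)

    $problems = @()

    # 1. Is the Defender service itself present and running?
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if (-not $svc) {
        $problems += 'WinDefend service not found'
    } elseif ($svc.Status -ne 'Running') {
        $problems += "WinDefend service is $($svc.Status)"
    }

    # 2. Are the protection features switched on and the signatures current?
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.AntivirusEnabled)          { $problems += 'Antivirus engine disabled' }
        if (-not $mp.RealTimeProtectionEnabled) { $problems += 'Real-time protection disabled' }
        if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $problems += "Signatures are $($mp.AntivirusSignatureAge) days old"
        }
    } catch {
        # A failed status query is itself a finding: protection may be stopped or removed.
        $problems += "Could not query Defender status: $($_.Exception.Message)"
    }

    $problems
}

# Report each problem and signal failure through the exit code,
# so a scheduled task or monitoring agent can raise the alert.
$found = @(Test-AntiMalwareHealth)
if ($found.Count -gt 0) {
    $found | ForEach-Object { Write-Warning "${env:COMPUTERNAME}: $_" }
    exit 1
}
Write-Output "${env:COMPUTERNAME}: anti-malware protection is running"
exit 0
```

Run it as a scheduled task and have your monitoring alert on a non-zero exit code. Alert also when the check stops reporting at all, since malware that can stop the anti-malware service can stop a local script too.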
Here at the Cyber Resilience Centre for Wales, we offer a range of services for businesses to help identify your digital vulnerabilities and weaknesses.
We also offer a range of membership packages that are designed to help your business become more cyber resilient.