Accenture and T-Mobile are the latest victims of cybercrime making the headlines. But according to a recent study from IDC, they’re not alone. More than a third of organizations worldwide were hit by ransomware or a data breach that blocked access to data in the last 12 months. And most of the victims of ransomware have experienced multiple attacks.
Ransomware has become the enemy of the day, demanding organizations of all sizes to pay a ransom to restore access to corporate data. While the average ransom payment was almost a quarter million dollars, a few large ransom payments of more than $1 million skewed the average, according to IDC.
Data breaches continue to be everyday news as organizations go global and embrace digital transformation. More data in the cloud means a wider attack surface and more assets to protect.
The use of third party vendors to perform key business activities such as accounting, development, or storage might also increase the risk of data exposure via a third party data breach if not handled properly. Kaseya and SolarWinds are some of the most recent examples.
The latest big headlines on ransomware and data breaches below are just a reminder of the devastating effects a cyberattack can have for a business. So the important question is: How to stay ahead? Read on for the top tips on protecting your organization.
Accenture
The global consulting firm Accenture has recently confirmed it suffered from a cybersecurity incident, though it claims the attack had no impact on its operations or clients’ systems.
“Through our security controls and protocols, we identified irregular activity in one of our environments,” said Accenture spokesperson Stacey Jones in a statement. “We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture's operations, or on our clients' systems.”
While the firm didn’t explicitly classify it as a ransomware attack, media outlets such as CNN have reported that the LockBit ransomware gang claimed responsibility. LockBit has been operating since 2019, leasing its malicious software in a ‘ransomware-as-a-service’ or RaaS model. Third-party criminal affiliates who use it receive a share of ransoms in exchange for planting the code onto victim networks.
T-Mobile
Earlier this week, a seller in an online forum claimed to have 100 million personal records of T-Mobile customers, of which 36 million were unique. The data was put up for sale for six bitcoins, worth about $286,000, and reportedly includes Social Security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver license information.
After conducting its own research, T-Mobile confirmed that ‘unauthorized access to some data occurred’, however they have not yet determined if there’s any personal customer data involved.
According to SC Magazine, the attackers presumably gained backdoor access. This is usually after exploiting a vulnerability or using social engineering to trick an employee into installing an infected file that grants them access. Once inside the network, they can move laterally to locate sensitive data to encrypt and kick off a ransomware attack, or exfiltrate to the web.
Memorial Health System
The Memorial Health System, a non for profit in Ohio, was hit by a cyberattack on August 15. What makes this case concerning and resonant is its impact on people’s lives: the facility had to operate under electronic health record downtime procedures and divert emergency care patients.
According to their statement, "No known patient or employee personal or financial information has been compromised". The organization continues to work with IT security experts to investigate and remediate the issues.
Memorial Health System was the third victim of ransomware in the US health system in the last two weeks. Downtime and system disruptions go beyond interrupted business processes; they bring serious challenges and devastating impacts to healthcare.
Ransomware will keep evolving in sophistication, elevating privileges and avoiding detection, in order to exfiltrate data and extort organizations. The silver lining is greater awareness has prompted companies to take action.
What can you do to stay ahead?
These are some of the top tips to protect your organization from ransomware and data breaches:- Have an always up-to-date backup of your critical data that’s easy to restore and externally stored. Ransomware encrypts files on every drive that’s mapped
- Use a reliable anti malware solution
- Train your staff on cybersecurity awareness, especially around phishing, social engineering, and business email compromise
- In emails, show hidden file extensions, block executable files, and instruct your team to not open links and messages from unknown sources
- Implement certified security and data protection/recovery practices
- Ensure your partners, suppliers, and third party vendors adhere to your security standards with a robust risk assessment and third party risk management (TPRM) program
- Periodically test your cybersecurity response procedures
- Get buy-in from your board of directors to support your security practices
Don’t let third parties jeopardize your network
If you're looking to build a TPRM program or scale one to be more effective, read this guide before you get started. It compiles the five biggest tips for building a scalable process, from mapping to continuous monitoring and analysis, that will save your organization time.
