Cyber attacks on Marks & Spencer and other retailers have highlighted the value of data and the risks organisations face. A vital ally in the fight to keep organisations secure is the General Data Protection Regulation (UK GDPR), which provides business technology leaders with the framework for cybersecurity best practice and how to respond to a breach.
The Growing Cyber Threat Landscape
Cyber criminals, often using ransomware, threaten to publish customer data on the dark web to increase the damage they do to your business. This is often done after they have already extracted a ransom from your organisation, an activity known as double-dipping. Cybercrime is increasing as organised crime groups look to exploit the modern business practices of cloud computing and remote workforces. These largely positive developments in ways of working have expanded the threat landscape.
Peter Job, Intergence CEO, has seen the impact of just such an attack first-hand. A regional airport suffered a major cybercrime attack, leading to significant delays and an inability to run baggage handling or passenger information systems. "It was absolute chaos. Worse was to come; it took 14 months to get the airport back to where it needed to be," Job says.
The Role of GDPR
GDPR is the law relevant to cyber attacks and should be used as a guide to the organisation's cybersecurity strategy. "Having robust GDPR measures in place will put you in the best possible place to respond to cyber attacks and minimise the impact of them," advises Helen Tringham, a partner at law firm Mills & Reeve. GDPR requires organisations to process data using "appropriate" technical and organisational processes. The lawyer says organisations must, therefore, design and organise their cybersecurity posture according to the type of data they handle. If an organisation handles more sensitive data, say clinical information, it must use more sophisticated techniques such as encryption. Tringham also advises minimising the amount of data the organisation holds and having strong, regularly refreshed data security processes in place.
"Knowing how to respond and how to escalate any issue will reduce the impact," Tringham says of processes that define ownership of any data and the expected response methods.
If organisations do suffer a serious data breach, Tringham says they have just 72 hours to inform the Information Commissioner's Office. The ICO levies some hefty fines on organisations that don't have the right cybersecurity training and processes in place.
Cybersecurity best practice
- Patch early and often to prevent malware vulnerabilities
- Identify and train your response team to make sure everyone knows what to do should an attack occur
- Contain any attack and investigate the root cause of it
- Eradicate the threat and restore your systems
- Notify your cybersecurity insurer of an incident to gain their help and ensure you do not invalidate your coverage
- Consider who else to notify and when, for example, the ICO, affected stakeholders and law enforcement agencies
Build a response team
As well as strong cybersecurity partners, organisations need a response team that will look into the breach and lead the recovery. A strong response team at Marks & Spencer is credited by cybersecurity experts for the retailer's ability to largely contain the attack. "You need people to understand their roles and what they are doing when a breach happens. This will put you in the best position to respond swiftly and mitigate any loss or damage," Tringham says.
For more information on how Intergence and Sophos MDR can enhance your organisation's cybersecurity, go to our cyber security managed services page or contact us. If you are worried about your security posture, we are also offering a free cyber security assessment and infrastructure audit, which you can register for here.