ISS World ransomware attack – who’s next?

Earlier this month we learned that ISS World had suffered a ransomware attack in which 500,000 employees were affected. At the time ISS World published this update on Twitter:

Screen Shot 2020-02-25 at 10.19.27

In line with the company’s standard operating procedure (SOP), ISS World disabled access to shared IT services across its sites and countries to isolate the attack. Company websites and employees’ access to email were affected, although websites were restored by the end of the week. In a press release ISS World said:

“The root cause has been identified and we are working with forensic experts, our hosting provider and a special external task force to gradually restore our IT systems. Certain systems have already been restored. There is no indication that any customer data has been compromised.

“The nature of our business is to deliver services on customer sites mainly through our people and as such we continue our service delivery to customers while implementing our business continuity plans. Our priority is to ensure limited or no disruption while we fully restore all systems.

“We are currently estimating when IT systems will be fully restored and are assessing any potential financial impact.”

If you’re worried about ransomware and the impact these and other cyber attacks might have on your organisation, book a free consultation with me to discuss what solutions you have in place and where you might be vulnerable to attack. Click here to arrange a call >

Thousands of ransomware attacks go unreported

ISS World’s ransomware attack made the news but due to the large number of cyber attacks being conducted on a daily basis, many go unreported. Just because you don’t hear about them, don’t be complacent. Ransomware attacks on UK businesses soared by 195% in the first half of 2019, and the UK is the second most attacked nation after the US. Criminals are focussing their efforts on businesses where the impact of disruption is most likely to result in ransoms being paid.

Events like ransomware attacks can bring a company to its knees with primarily two options available should it happen: Pay Up or restore/rebuild. The problem with paying up is that it funds other criminal activities and it also makes you a target for further attacks.

Instead a Prevent, Detect and Respond approach is the best protection against ransomware attacks:

Prevent

Businesses need to ensure that they have uniform levels of protection across their entire estate, whether that is on premise, Azure, AWS or other hosting provider. If you haven’t already, invest in cyber security solutions to prevent phishing and ransomware attacks.

Also consider the source of these attacks.

Are your employees properly trained to spot unsolicited or suspicious emails? These are designed to trick staff into handing over confidential information or clicking on hostile links and have become increasingly sophisticated. Staff need adequate training with regular refresher courses.

Detect

Do you have the ability to detect attacks, or recognise the indicators of a likely breach? While you’ll know about a ransomware attack as soon as you receive a ransom demand, many cyber breaches go undetected for months.

With the exception of ransomware and DoS attacks, most cyber attacks are designed by their instigators to go undetected. For example, when Ticketmaster was breached between September 2017 and June 2018, it wasn’t until customers received replacement payment cards approximately 9 months later that it became apparent that customer data had been breached.

Real-time detection solutions will help your organisation respond rapidly to attacks and minimise the impact on your business.

Respond

Do you have a clearly defined plan should you become the victim of a cyber attack? The best way to help prevent disaster if you’re hit by a ransomware attack is to set up a simulation attack. This will help you identify problems that might not be documented in your disaster recovery plans, and help you develop a more robust response.

Cyber attacks are happening more and more frequently and many security analysts say it’s inevitable that all organisations across all industries and of all sizes will suffer a security incident at some point. Everyone’s in it together, so it’s important to protect your employees, be transparent and do the right thing. Trying to attribute blame or covering up is not the best approach. Instead preventing, detecting and responding to incidents with transparency and clarity will help you reduce the impact of breaches.

Book a free cyber security call to explore whether your organisation is vulnerable to ransomware attacks and what you can do to prevent, detect and respond to them. Click here >

Cloud Business logo white
Microsoft Gold Partner Logo - Cloud Business

Cloud Business Limited
8 North Street
Guildford
GU1 4AF

2023 © Cloud Business Limited
Registered Company in England and Wales 06798438