The admission by the courier firm TNT Express, a subsidiary of FedEx, that the ‘NotPetya’ ransomware attack in June caused permanent loss of data has raised worrying questions for cybersecurity experts.
On top of that came the news this month that the number of data breaches reported to the UK Information Commissioner’s Office had doubled in the past year.
Andrew Foxcroft, of cybersecurity services firm Radware, sent us this comment. Andrew is Radware’s regional director for UK, Ireland, Nordics and Middle East, where he leads the teams supporting some of the UK’s largest names in retail, finance, telecoms and gaming, as well as public sector organisations, with their application and network security.
“The rise in the number of data breaches reported is worrying stuff with GDPR on the horizon.
“But the news that the ‘NotPetya’ ransomware attack caused TNT permanent loss of data has sent a jolt through the cyber security profession – the predictions were coming true.
“Generally, most companies worry about the effects of being out of business for a few hours, and the reputational damage of data theft. But ransom attacks can go further. NotPetya exploited a software weakness Microsoft had made public, and seems to have gone on to ‘brick’ a network and render it useless.
“While we don’t know what the repercussions of the TNT breach were for its customers, it must surely have made retailers and manufacturers consider how close their data could have come to loss. Indeed the domino effect in a supply chain could be devastating for business.
“Ransomware attacks highlight the need to consider how IoT strategies will influence the cyber security plan. As more ‘things’ like handheld scanners used on the shop floor and in the warehouse are connected to a network so the risk of attack rises. You just need one device to miss an application software update, or connect to an insecure network, and the whole company is exposed.
“It’s so easy for hackers today. They can buy attacks from as little as $19.99 a month and they don’t need to think about the nuts and bolts of how it’s made, they simply hit return on the keyboard to run it. What’s more the white hat hackers researching the vulnerabilities that need to be shut down are doing the job for the black hat hackers – as soon as a threat is known the criminal hackers can jump on it and cause chaos.
“That’s why many companies are turning to ex-hackers to help with the race to find weaknesses. Their expertise means that they can spot a threat from miles away. But they are still only human so automatic detection systems that respond instantaneously to changing dynamics and even learn how to react, are also being deployed.
“It’s a Matrix-style situation no one wants to believe but it’s becoming the norm. The most vulnerable will be those who are dependent on other companies to run their business. Retail, manufacturing and logistics a prime example and the sooner the industry collaborates on threats the better.”