The company that owns brands such as KP Nuts and Hula Hoops was recently targeted by a ransomware cyberattack.
The company has reported that this will result in supply chain issues and a shortage of crisps and nuts as the company will be unable to "safely process orders or dispatch goods".
Criminals can launch a cyber-attack using malware to infiltrate an IT system and steal data which they encrypt and demand a significant ransom to release, often millions of pounds/dollars. It was reported that the KP attack targeted highly sensitive information, including credit card statements, employee addresses and telephone numbers.
The UK's National Cyber Security Centre (NCSC) has recommended businesses strengthen their digital security in light of increasing attacks in recent years. They issued a Joint Advisory explaining that "in 2021, cyber security authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally. Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased threat to organisations globally." The NCSC recommends that businesses focus on reducing their vulnerability to attacks in the first place and reducing the impact of any successful attack.
The best way to prevent an attack is for a business to secure their data as strongly as possible by maintaining effective and up-to-date antivirus protection and firewalls; ensuring robust and regular backups so that lost data can be recovered for the business; and to train staff to recognise risks such as clicking on unknown weblinks or opening suspicious emails.
In the event of a cyber-attack, all businesses should have an established cyber security and data protection response to reduce downtime for the business and protect reputation
Most data risk that incurs a data leak or breach lurks in the 90% of communications data such as emails, documents, spreadsheets. Given inefficiencies through human error and employee psychology and less than robust processes, businesses leave themselves exposed to the risk of their cyber insurance policies not covering them - regardless of the strength of any IT security accreditation. Resources spent in prevention would be significantly less than the financial impact of any successful attack.
In the event of a cyber-attack, all businesses should have an established cyber security and data protection response to reduce downtime for the business and protect reputation and share price. Businesses should also consider lessons learned and steps that can be taken to reduce the impact of the attack and prevent future attacks.
The NCSC regularly provides information on cyber threats and advanced malware that is being utilised by criminals. They are currently highlighting the increased security threat from anticipated Russian cyber-attacks which are understood to have been used against Ukraine prior to the military invasion. As a result, they recommend “organisations in the UK to bolster their online defences”. There has never been a more important time for a business to protect their data from attack.
LegalDW can perform an Initial ECS (Efficiency, Compliance and Security) assessment to help you better understand the level of risk your organisation might be exposed to.