Ransomware… Don’t be the next victim!
24th February 2020
Is your business running Windows 7 or Windows Server 2008/2008 R2 without extended Microsoft support? If so, are you aware that your business is vulnerable to security, reliability and compliance issues?
Using unsupported software? Your security could be compromised!
With technical support, software updates, fixes and security updates no longer provided for Windows 7 and Windows Server 2008/2008 R2, desktops and laptops have reduced defences, making them less reliable and vulnerable to attack.
Ransomware attacks are one of the most prolific and costly forms of cyber-attack. Hackers take control of an organisation’s computer system and scramble their information until a substantial ransom is paid, effectively crippling access to business data and applications, and preventing companies from operating.
The WannaCry malware is a particularly dangerous piece of ransomware that took advantage of vulnerabilities in old Windows operating systems. It has infected major organisations, including the NHS, where it disrupted hospital systems across the UK, costing the NHS £92m. Separately, as reported in the national press, London-based foreign exchange firm Travelex was held to ransom by cyber attackers who said they would expose sensitive customer details unless Travelex paid them millions.
‘WannaCry has infected major organisations, including the NHS, costing £92m.’
It has recently been reported that over 135,000 UK residents served by Redcar and Cleveland Borough Council have been without online public services for over a week due to a cyber-attack. With the Council’s website and all computers at the authority attacked, external cybersecurity experts, including those from the National Cyber Security Centre (NCSC), were drafted in to help. Although the council refuses to publicly specify whether it is a ransomware raid or not, the attack has all the hallmarks.
‘An attitude of “it will always happen to someone else, not us” exists – don’t let it be you!’
The serious nature of the attack and the impact it has had should raise concern among UK authorities and other large-scale organisations about the need to ensure their IT systems and workspace are secure and up to date with the latest software releases.
Non-compliant? It may cost you!
If your organisation needs to remain compliant with best practice certifications and standards, you should address any Windows 7 or outdated server operating system instances that reside in your environment before your next audit.
‘Being non-compliant with industry regulations such as ISO27001, PCI, GDPR, SOC2, NIS and HIPAA may result in substantial fines.’
For example, the parent company of Currys PC World, DSG Retail Limited, has been fined £500,000 after its point of sale system was breached by hackers, affecting some 14 million customers.
‘Failure in security measures enabled hackers to install malware onto 5,390 computer systems and tills at Currys PC World and Dixons Travel outlets.’
The Information Commissioner’s Office reported 5.6 million payment card records used in transactions were accessed as a result, as well as the personal information of 14 million people, including full names, postcodes, email addresses and information related to failed credit checks.
This incident happened prior to the introduction of GDPR in May 2018, falling under the Data Protection Act 1998, which stipulated a fine of £500,000. The company received the maximum penalty due to both the seriousness of the case and the disregard shown to customers whose personal information was stolen. Under GDPR, the fine would have been increased to up to 4% of the company’s annual turnover, resulting in a payment of up to £17 million.
‘The fine under GDPR would have been increased to 4% of the company’s annual turnover, resulting in a payment of up to £17 million.’
HTG can help you stay ahead of the regulators and protect your organisation from data breach; prevention is always better than cure.
Contact HTG as your trusted advisor for independent expert advice on how to quickly reduce risk and ensure your business is not impacted as the next victim of a cybercrime attack.
Engaging HTG is Realising Possibility.