Yesterday’s story comes to mind as well as others recently that puts this issue back to the forefront.
You know that when your company name is in the news for a Cybersecurity breach because your files are publicized by hackers your Cybersecurity practices have not been very effective.
“The ransomware gang pinched files, including AutoCAD drawings, Word documents and accounting docs from refrigerator specialist Dresdner Kühlanlagenbau GmbH (DKA), according to a BleepingComputer report, which said the Nefilim operators had posted two archives with 14GB of files to their leak site.
“This data-leak scenario with Dussmann Group illustrates the importance of not only protecting access to data but also protecting the data itself,” said Trevor Morgan, product manager at comforte-AG. “
There have been reports that discuss past failures of companies, like the Varonis Global Data Risk ReportVaronis Global Data Risk Report:
So the report is chock full of instances of many folders and datapoints not being managed well. This mismanagement is causing problems where there are additional issues (like actual breaches) So failures in privacy of data can be compounded by failure in malware or ransomware attacks.
Unfortunately we are not cataloging how many businesses got both mismanagement of data and malware attacks.
If we take a number as 53% of companies found 1000 sensitive files accessible to every employee.
And now we have an actual ransomware attack from a story at zdnet.com:
The Maze ransomware trickster hackers published 75 GB of data from Xerox and LG networks. So just as we were discussing the crazy lack of data management – only a few days later Xerox and LG with Maze’s help gave us the example of a major failure. Unfortunately the LG systems control many phones and smart TVs etc.
So the ransomware operators are being sophisticated and are going to threaten LG with the data they stole:
“In an email in June, the Maze gang told ZDNet that they did not execute their ransomware on LG’s network, but they merely stole the company’s proprietary data and chose to skip to the second phase of their extortion attempts.”
I have said in the past the hackers are getting more creative to make more money!!
Contact us to discuss your situation in your company.