How do Cyber Attacks Happen?
There are numerous ways in which hackers can gain access to your company’s information assets; phishing is one of the common methods. Phishing is where a cybercriminal sends fraudulent emails in large quantities to individuals, asking for sensitive information such as passwords, bank details, emails, and more. These emails can appear startlingly legitimate, and if you are an employee dealing with hundreds of emails daily, it may be easy to fall for this type of scam.
Ransomware is another way in which your company can be attacked. Attackers get into your network, gain control, and plant encryption software. Some also take copies of your data and threaten to leak it. Once data is encrypted, you may not be able to access it. If your company experiences ransomware, it is recommended that you do not pay, as you are not guaranteed to get your information assets back, and paying makes you more likely to be targeted again in the future.
Targeted cyber-attacks can occur either because hackers specifically want to target your business, or because they may have been paid to do so. These types of attacks can take months to carry out and can be even more harmful to your business because the attackers have tailored the attack around your business, meaning they could access a higher volume of information.
Data Breach Consequences
Data breaches can cost thousands, if not millions, to resolve. GDPR (General Data Protection Regulation) is a piece of legislation that came into force to ensure stricter measures around handling data. Although the financial implications of a data breach are far from ideal, the reputational damage can be much worse for businesses. Fines are usually issued to organisations that have breached GDPR.
Some examples of data breaches and their consequences:
Amazon – in the summer of 2021, retail giant Amazon was fined $877 million for breaches of the GDPR legislation. The fine is believed to have been issued due to breaches around cookie consent.
Instagram – a more recent example in September 2022 involves Instagram receiving a fine from Ireland’s Data Protection Commissioner (DPC). They are said to have received the fine as a result of violating children’s privacy under the terms of the GDPR. The complaint concerned data belonging to minors, particularly phone numbers and email addresses, which was made more public when users who were children upgraded their profiles to business accounts to access analytics tools such as profile visits. A $403 million fine is most certainly a reminder of the GDPR’s power.
T-Mobile – mobile communications provider T-Mobile announced the terms of a settlement in July 2022. The lawsuit followed a data breach that occurred back in early 2021, impacting an estimated 77 million people. The incident involved “unauthorised access” to T-Mobile’s systems after customer data was listed for sale on a known cybercriminal forum.
What is ISO 27001?
ISO 27001 is the internationally recognised standard for information security management. The certification is implemented to improve and regulate processes that you may already have in place to ensure secure storage of information and documents as well as confidentiality.
Protection with ISO 27001
With information security management systems such as ISO 27001, your organisation will ensure that your information assets, and your customers’ and other stakeholders’ data, are sufficiently protected to save your company from paying costly fines.
Support with ISO 27001
Are you in need of support when it comes to information security management?
If you want to protect your company’s information assets, implement ISO 27001 in your company and receive the benefits.
Here at Candy Management Consultants, we have expert ISO 27001 consultants who can assist your organisation with implementing a bespoke information security management system, enabling you to obtain your certification. With our 100% success rate to date with all clients, you are guaranteed to achieve certification when you follow our guidance.