The construction company Interserve received a hefty fine of £4.4 million from the ICO due to a security breach. Below are comments from cybersecurity experts on this large fine and how it will help the industry as a whole.

The £4.4 million fine from Britain’s data watchdog sends a stern warning to organisations that they must take data protection much more seriously or face hefty penalties. We are continuing to see an increase in these cyberattacks which highlight the need for organisations to take data protection seriously. Businesses deal with sensitive stakeholder information and it is vital that organisations adequately protect it and know exactly where it is stored and who can access it.
Our Mimecast State of Ransomware report found that the average ransomware attack payment for successfully targeted organisations is more than £600,000. The financial penalties for these breaches drastically outweigh the cost of investing properly in appropriate security and data management solutions. It is not just the financial penalties that businesses face but the damage to their reputation. Once this happens, brands often lose the trust of consumers and partners, and this can be a struggle to recover from.
It is critical for businesses to have effective, multi-layered cybersecurity measures in place to minimise these cyberattacks. With a well-rehearsed cyber resilience response plan in place and frequent cybersecurity awareness training, organisations will be better prepared for these cyberattacks in future.
The large fine given to Interserve is the latest reminder from the Information Commissioner’s Office (ICO) that they are serious about tackling instances of employee and customer data not being adequately protected. This incident follows a trend that I see when working with organisations to bolster their cybersecurity standards: too many still focus too much on reactive measures rather than preventative ones.
A narrative has emerged across many IT teams that attacks are becoming too sophisticated to be stopped, and that therefore their efforts should be focused on reacting to security incidents rather than preventing them. However, I would encourage them to focus more on preventative measures which can either minimise the impact of breaches or avoid them altogether. A recent Tanium report found that 90 percent of UK IT Directors agreed that ‘the majority of cyberattacks that we have experienced within our organisation have been in some way avoidable’. They are avoidable because breaches are often caused by simple things such as a work device not being patched or a staff member clicking on a link in a phishing email, as we saw in the case of Interserve.
All successful prevention strategies rely on having full visibility of the organisation’s network, particularly the devices connecting to it, as some will carry security weaknesses. ‘You can’t protect what you can’t see’ is very true when it comes to IT, and unfortunately, it’s a problem that many organisations face. By adopting a proactive approach including this visibility and staff training, organisations will reduce the number of successful attacks and the associated fines from the authorities.