News is breaking that delivery firm Yodel is suffering from a cyber-attack disrupting their services. The full nature of the attack is still unclear, although prominent cyber security expert Kevin Beaumont has suggested the attack was caused by ransomware.
The flaw in Strava’s privacy is a prime example of how cybercriminals can use seemingly innocent applications and infrastructure to gain sensitive information on other users. The fact this is not the first time Strava has been in the firing line for this type of flaw is even more surprising and shows companies – no matter how well-known and how popular their platform might be – still have a lot of work to do to secure their services. All too often, security and privacy are an afterthought in the software design process.
As IoT and wearable devices continue to increase, so does the potential impact for everyday people’s data to be exposed to criminals, even if they believe their private information is protected and the device or app settings indicate it to be private. It is the responsibility of the companies creating and selling these devices to improve security and ensure such basic tricks, like spoofing a GPS run, don’t give criminals an easy route to personal data, which could then be used for phishing campaigns or even more concerning actions.
The latest cyberattack on Yodel demonstrates that all organisations need to make cybersecurity a Boardroom priority, if they haven’t done so already. For years, cybercriminals have attacked targets for financial gain, but now we’re seeing an alarming pattern of debilitating attacks on our food, critical infrastructure, and rapid delivery supply chains.
There are several proven approaches that organisations can follow to help prevent cyber attacks:
1) Develop a comprehensive incident response plan.
2) Utilise a solution with ransomware detection and recovery.
3) Educate executive management about ransomware’s impact and the importance of responding quickly to customers’ inquiries about potential attacks.
4) Perform cybersecurity awareness training, which should include implementing effective data protection policies like strong password protection and multi-factor authentication. It’s also critical that end-users understand that any company can be a potential victim, regardless of its size or location.