Details are slim at the moment as to what the cause of the incident is. But judging from the fact that Toll has shut down many systems and reverted some processes to manual, ransomware could be a likely culprit. If it is ransomware, this could be bad news for the company. We've seen cyber criminals get more and more cunning with their ransomware infections. No longer are they just satisfied with encrypting data and demanding payment, but they take the opportunity to steal data and credentials, and use those as extra leverage against the victim organisation. As such, the benefit of having offsite backups or threat detection controls begins to diminish, and it becomes imperative that organisations protect against infection to begin with. When we look at the most common attack vectors, this usually boils down to knowing where all assets are, ensuring public-facing systems are patched, multi factor authentication is deployed where possible, and perhaps most importantly, all staff are provided effective security awareness and training so that they can recognise phishing or other social engineering attacks and report them.  Read Less