Graff Cyber Attack Response – How To Mitigate The Damages Of Ransomware Attacks

BACKGROUND:

It has been reported that some of the world’s most powerful, wealthy and famous people are thought to have had their personal details stolen by a cybercriminal gang which hacked into the computer systems of exclusive UK jeweller Graff. The data theft was carried out by Russian group Conti, believed to be based near St Petersburg, which has already leaked 69,000 confidential documents on the so-called dark web, according to reports. However, it is thought Graff believes the vast majority of people did not suffer any personal data loss – simply their name and address, which are typically available in the public domain from other sources – but not containing details that are considered sufficient to put them at risk of identity theft.

The following security experts have provided commentary on the story:

Subscribe
Notify of
guest

6 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Chris Vaughan
Chris Vaughan , Technical Account Manager
InfoSec Expert
November 2, 2021 12:25 pm

<p>Having the right security defences in place to protect an organisation’s IT infrastructure – including having back up mechanisms which are regularly tested – are crucial to mitigating the damage of a ransomware attack. On this occasion it is reassuring that Graff was able to react and shut down its network quickly to minimise the impact, although it appears the hackers claim to have obtained potentially damaging data that looks to have been leaked.</p>
<p>Companies who hold private information should ensure they have clearly defined security policies and procedures to avoid the leak of information. This starts with employee education, which underscores all effective cybersecurity and data protection strategies and comprehensive best practice guides are critical to protecting information, especially when holding sensitive data on customers.</p>
<p>Endpoint visibility is another important capability for IT teams who are combatting these threats. This allows them to regularly monitor vulnerabilities and any suspicious activity. Such defences can help ensure that sensitive customer data remains safe, which is important in gaining customer trust and avoiding large fines from breaching regulations such as the GDPR.</p>

Last edited 11 months ago by Chris Vaughan
Jen Ellis
Jen Ellis , Vice President of Community and Public Affairs
InfoSec Expert
November 2, 2021 12:21 pm

<p>While Graff may seem like a juicy target for attackers given their A-list clientele and expensive products, in reality any organisation of any size and in any sector can fall victim to a cyber-attack. All businesses have data that is sensitive, confidential, and in some way valuable to them, so any business can represent a payday for a cyber attacker. It\’s essential that business leaders wake up to the realities of this threat and ensure that their organisation has taken the appropriate steps to identify its core data and systems and protect them as needed. While not every organisation will face a ransom demand in the tens of millions, the cost of recovery and disruption is always a major hit. It\’s important to encrypt and segment sensitive data, as well as regularly backing it up offline. Ensure you have appropriate email filtering and identity and access management controls in place, are patching known vulnerabilities quickly, and are educating any users on the risks.</p>

Last edited 11 months ago by Jen Ellis
Matt Aldridge
Matt Aldridge , Principal Solutions Architect
InfoSec Expert
November 2, 2021 12:16 pm

<p>When high-end businesses are attacked and data belonging to the rich and powerful is released, it serves as a timely reminder that cybersecurity is vital for all industries and no one is safe from an attack unless they implement the right software and protection. <u></u><u></u></p>
<p>Organisations need to be reminded that they remain responsible for all information entrusted to them by their customers, whether the data is stored and transmitted internally or is processed by third-party entities. Hackers only need to find one weakness in any system, and this specific attack highlights why defences in all industries must be robust. Client data is very valuable to hackers, with the stolen information often used to commit further crimes like identity theft or more targeted phishing scams.<u></u><u></u></p>
<p>As attackers constantly develop and deploy new technologies to help them access private data, organisations should improve their cybersecurity arsenal to keep their data safe. Smart capabilities, such as machine learning, can be used to intelligently deliver threat protection and help detect and stop attacks, particularly on a large scale. A combination of an intelligent and well-defined approach to security which includes security awareness education, as well as making use of the latest technologies, can go a long way to improving defences.</p>

Last edited 11 months ago by Matt Aldridge
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
November 2, 2021 12:15 pm

<p>This appears to be a targeted attack which is against high net value individuals. While it may be true that a great deal of personal information may not have been exposed, it can all still be useful to criminals. Data can be considered akin to chemical elements. On their own they may be inert, but combined together, can be devastating. All victims whose data has been affected should be notified in a timely manner.</p>

Last edited 11 months ago by Javvad Malik
Robert Golladay
Robert Golladay , EMEA and APAC Director
InfoSec Expert
November 2, 2021 12:14 pm

<p>Companies tend to downplay the impact of Ransomware attacks these days, implying that they are happening to everyone.  Graff states that the vast majority of customers did not experience personal data loss and stress how they have been targeted by a sophisticated cyber attack “in common with a number of other businesses”. </p>
<p>I would advise companies to provide clear statements on corrective actions, describing how they will invest to keep assets like customer data safe in the future, and restore customers’ confidence with a program to improve their cyber resilience. There should be a call for more transparency with these attacks.</p>

Last edited 11 months ago by Robert Golladay
Information Security Buzz
6
0
Would love your thoughts, please comment.x
()
x