Graff Cyber Attack Response – How To Mitigate The Damages Of Ransomware Attacks

BACKGROUND:

It has been reported that some of the world’s most powerful, wealthy and famous people are thought to have had their personal details stolen by a cybercriminal gang which hacked into the computer systems of exclusive UK jeweller Graff. The data theft was carried out by Russian group Conti, believed to be based near St Petersburg, which has already leaked 69,000 confidential documents on the so-called dark web, according to reports. However, it is thought Graff believes the vast majority of people did not suffer any personal data loss beyond their name and address, which are typically available in the public domain from other sources and are not considered sufficient to put them at risk of identity theft.

The following security experts have provided commentary on the story:

Expert Comments

November 02, 2021
Jen Ellis
Vice President of Community and Public Affairs
Rapid7

While Graff may seem like a juicy target for attackers given their A-list clientele and expensive products, in reality any organisation of any size and in any sector can fall victim to a cyber-attack. All businesses have data that is sensitive, confidential, and in some way valuable to them, so any business can represent a payday for a cyber attacker. It's essential that business leaders wake up to the realities of this threat and ensure that their organisation has taken the appropriate steps to identify its core data and systems and protect them as needed. While not every organisation will face a ransom demand in the tens of millions, the cost of recovery and disruption is always a major hit. It's important to encrypt and segment sensitive data, as well as regularly backing it up offline. Ensure you have appropriate email filtering and identity and access management controls in place, are patching known vulnerabilities quickly, and are educating any users on the risks.

November 02, 2021
Chris Vaughan
Technical Account Manager
Tanium

Having the right security defences in place to protect an organisation’s IT infrastructure – including having backup mechanisms which are regularly tested – is crucial to mitigating the damage of a ransomware attack. On this occasion it is reassuring that Graff was able to react and shut down its network quickly to minimise the impact, although it appears the hackers claim to have obtained potentially damaging data that looks to have been leaked.

Companies who hold private information should ensure they have clearly defined security policies and procedures to avoid the leak of information. This starts with employee education, which underscores all effective cybersecurity and data protection strategies, and comprehensive best practice guides are critical to protecting information, especially when holding sensitive data on customers.

Endpoint visibility is another important capability for IT teams who are combatting these threats. This allows them to regularly monitor vulnerabilities and any suspicious activity. Such defences can help ensure that sensitive customer data remains safe, which is important in gaining customer trust and avoiding large fines from breaching regulations such as the GDPR.

November 02, 2021
Matt Aldridge
Principal Solutions Architect
Webroot

When high-end businesses are attacked and data belonging to the rich and powerful is released, it serves as a timely reminder that cybersecurity is vital for all industries and no one is safe from an attack unless they implement the right software and protection.

Organisations need to be reminded that they remain responsible for all information entrusted to them by their customers, whether the data is stored and transmitted internally or is processed by third-party entities. Hackers only need to find one weakness in any system, and this specific attack highlights why defences in all industries must be robust. Client data is very valuable to hackers, with the stolen information often used to commit further crimes like identity theft or more targeted phishing scams.

As attackers constantly develop and deploy new technologies to help them access private data, organisations should improve their cybersecurity arsenal to keep their data safe. Smart capabilities, such as machine learning, can be used to intelligently deliver threat protection and help detect and stop attacks, particularly on a large scale. A combination of an intelligent and well-defined approach to security which includes security awareness education, as well as making use of the latest technologies, can go a long way to improving defences.

November 02, 2021
Javvad Malik
Security Awareness Advocate
KnowBe4

This appears to be a targeted attack which is against high net value individuals. While it may be true that a great deal of personal information may not have been exposed, it can all still be useful to criminals. Data can be considered akin to chemical elements. On their own they may be inert, but combined together, can be devastating. All victims whose data has been affected should be notified in a timely manner.

November 02, 2021
Robert Golladay
EMEA and APAC Director
Illusive

Companies tend to downplay the impact of ransomware attacks these days, implying that they are happening to everyone. Graff states that the vast majority of customers did not experience personal data loss and stresses how they have been targeted by a sophisticated cyber attack “in common with a number of other businesses”.

I would advise companies to provide clear statements on corrective actions, describing how they will invest to keep assets like customer data safe in the future, and restore customers’ confidence with a program to improve their cyber resilience. There should be a call for more transparency with these attacks.

November 02, 2021
Burak Agca
Security Engineer
Lookout

No industry or sector has been left unaffected by the recent spate of ransomware attacks. We have seen countless high profile organisations targeted by ransomware gangs, and Graff is just another name added to the growing list. But ransomware itself isn’t a new problem; the challenge persists because of how attackers constantly evolve their tactics to get into corporate infrastructure and lock up or steal resources. Years ago, attackers would use brute force to find a small crack in an organization’s armour, then exploit that to take over their infrastructure.

The issue is that these days, there are much more discreet ways for cybercriminals to find their way into your infrastructure. Most commonly, they figure out how to compromise an employee’s account so they can log in with legitimate credentials that don’t throw any red flags. Credentials are frequently stolen through phishing attacks on mobile devices. On smartphones and tablets, attackers have countless ways of socially engineering individuals over SMS, third party chat platforms, and social media apps. Every day, it becomes more important to be able to secure everything in your organization from the users and devices they use all the way up to the data they access and the apps it’s stored in.

Moving forward it is going to be critical for IT security that organisations understand the nature and technical detail behind incidents fully, and ensure endpoint detection and response is conducted. This must be coupled with a strategy that delivers on a zero trust architecture.
