In this challenging era of digital transformation, organisations of all shapes and sizes are at risk of being impacted by ransomware – a type of malicious software designed to block access to critical data and/or systems until a sum of money is paid as a ransom.
As highlighted in the recent Telstra Security Report 2018, ransomware is on the rise and is becoming increasingly targeted. Key insights coming out of the report include:
- Attacks are increasing – 76% of Australian respondents experienced a ransomware attack in 2017, which is more than in previous years.
- Roll the dice – almost half (47%) of these organisations paid the ransom, despite having no guarantee that doing so would unlock their stolen data.
- No defence – a quarter of respondents globally did not have, or did not know if their organisation had, a security incidence response plan in place to deal with such threats.
With cyber attacks continuing to evolve in complexity and severity, it is essential that a dynamic cyber security strategy is adopted by organisations in order to protect their assets, along with the development of a culture of awareness to ensure they are best prepared to protect against potential threats.
This is especially crucial for those organisations with personal information security obligations under the Privacy Act 1988 which is covered by the new Notifiable Data Breaches (NDB) scheme.
The NDB scheme carries significant financial penalties for serious or repeated interferences with the privacy of an individual – up to $360,000 for individuals and $1.8 million for organisations – meaning that any organisations that collect personal information from their customers and staff cannot afford to neglect understanding how the new laws affect them.
Confused? Don’t worry, we’re here to help.
F1 IT Group (Banks Group’s independent IT partner) has a team of specialists who can help you develop multi-layered strategies in order to mitigate the risks of ransomware in your organisation. F1 IT Group can also help you understand your NDB scheme obligations to ensure you are covered from a technical and internal control (human process) methodology.