The international hotel chain Omni Hotels & Resorts has confirmed that a cyberattack last month saw it shut down its systems, with hackers stealing personal information about its customers.
In the aftermath of the attack, hotel guests reported that they had been forced to check in on paper, that room keys didn't work, and all phone systems and Wi-Fi were offline.
Any organisation that has tried to recover from a ransomware attack knows that it can be time-consuming and costly. Companies hit by an attack must choose between paying a ransom or recovering encrypted data from a backup.
Unfortunately, ransomware gangs are too aware that they can leverage significantly higher ransoms from their corporate victims if they have also compromise the company's backups. For this reason, we are seeing more and more cyber attacks targeting backups because they know that organisations desperately need them to recover if they want to avoid paying a ransom to cybercriminals.
In October 2023, the British Library suffered "one of the worst cyber incidents in British history," as described by Ciaran Martin, ex-CEO of the National Cyber Security Centre (NCSC).
The notorious Rhysida ransomware gang broke into one of the world's greatest research libraries, encrypting or destroying much of its data, and exfiltrating 600 GB of files, including personal information of British Library staff and users.
To Test or Not to Test? - When it comes to IT disaster recovery and remediation processes, regular testing is not a 'nice to have' - it's absolutely essential!
This isn't hyperbole on my part. You just have to look at the news on any given day. We've all heard the horror stories of organisations in both the public and private sectors experiencing prolonged downtime during disasters due to inadequate preparation, lack of testing, and the unsuitability of their legacy remediation processes and systems.
On the 18th March 2024, the Information Commissioner's Office issued its updated guidance around the issuing of fines when organisations have been found liable for the integrity of their customers' or end users' data being compromised. It is already well-established now that failure to ensure critical data remains secure will result in costly fines, as we have seen repeatedly in multiple high-profile cases over the years.
From day-to-day consumer banking to high-profile asset and wealth management, the way we all access financial services is changing in ways that would have been inconceivable just a few years ago. Online banking is now firmly established, allowing customers to manage their money securely within a few clicks - anytime, anywhere and without the need to visit a branch. A 2022 survey revealed that the quality of the online experience was a key factor in 81% of adults' choice of bank1.
As a long-standing technology partner for multiple financial organisations across the UK, the team at Exponential-e have been observing the sector's evolving relationship with technology for some time - both the growing demand for a higher standard of operational resilience, and an increasing awareness of the challenges and opportunities that Cloud transformation presents.
The Finance sector has always been one of the most dynamic, rapidly evolving industries, and this shows no signs of changing any time soon. But while shifts in the landscape may well open new opportunities, they will also come with new challenges, and it is the organisations who are ready and able to face these head-on who will continue to thrive in the years ahead.
All organisations store data, and regardless of whether it's a recipe or an algorithm, this data is an organisation's most prized asset, which is why hackers make it their target. The Cyber Security Breaches Survey 2019 from the Department for Digital, Culture, Media & Sport (DCMS) found that 32% of businesses identified cyber security breaches or attacks in the last 12 months, which have cost an average of £4,180 in lost data and assets
The healthcare sector generates higher volumes of patient data on a daily basis than ever before - all of which conceals a rich vein of opportunities to optimise efficiency and enhance patient care. The demand for more efficient diagnosis and more effective management of data has naturally led to the rise of digital pathology and - in turn - the Picture Archiving and Communication Systems (PACS) that underpin these initiatives.
In a heightened cyber threat landscape - where ransomware attacks are increasing in frequency and sophistication - and having weathered the challenges of COVID-19 and the resulting move to hybrid working, the Finance sector is still continually challenged to demonstrate to its customers that critical services will remain available no matter what, and that sensitive financial data will remain fully secure at all times.
In spite of the ongoing evolution of cyber security processes and technology, human error is still responsible for 95% of data breaches1. Phishing attacks alone represent a particularly insidious risk, with 91% of organisations experiencing a successful attack in 2021 alone2.
In light of recent geopolitical events, and the increased threat to corporate infrastructure, organisations across the UK must assume that they will be forced to contend with a cyber-attack in the near future and prepare accordingly. Indeed, the NCSC has already set out its own guidance to help organisations bolster their defences, which we strongly advise you to read and implement.
For some years now, Cloud adoption has been steadily on the rise across the UK's Finance sector, with organisations including banks, insurers, and investment firms phasing out increasingly cumbersome legacy systems in favour of more scalable, agile, and cost-effective infrastructure. Indeed, more than 48% of UK banking services are now built on Cloud infrastructure.
In light of numerous dramatic shifts in the geopolitical landscape in recent months, this blog has reiterated the need for organisations across all sectors to strengthen and - if necessary - reconsider their cyber security postures, in order to prepare for the anticipated attacks by global bad actors. The legal sector is no exception, particularly as these attacks are anticipated to specifically target the most high-value data.
