The international hotel chain Omni Hotels & Resorts has confirmed that a cyberattack last month saw it shut down its systems, with hackers stealing personal information about its customers.

In the aftermath of the attack, hotel guests reported that they had been forced to check in on paper, that room keys didn't work, and all phone systems and Wi-Fi were offline.

Any organisation that has tried to recover from a ransomware attack knows that it can be time-consuming and costly. Companies hit by an attack must choose between paying a ransom or recovering encrypted data from a backup.

Unfortunately, ransomware gangs are too aware that they can leverage significantly higher ransoms from their corporate victims if they have also compromise the company's backups. For this reason, we are seeing more and more cyber attacks targeting backups because they know that organisations desperately need them to recover if they want to avoid paying a ransom to cybercriminals.

In October 2023, the British Library suffered "one of the worst cyber incidents in British history," as described by Ciaran Martin, ex-CEO of the National Cyber Security Centre (NCSC). 

The notorious Rhysida ransomware gang broke into one of the world's greatest research libraries, encrypting or destroying much of its data, and exfiltrating 600 GB of files, including personal information of British Library staff and users.

To Test or Not to Test? - When it comes to IT disaster recovery and remediation processes, regular testing is not a 'nice to have' - it's absolutely essential!

This isn't hyperbole on my part. You just have to look at the news on any given day. We've all heard the horror stories of organisations in both the public and private sectors experiencing prolonged downtime during disasters due to inadequate preparation, lack of testing, and the unsuitability of their legacy remediation processes and systems.

On the 18^th March 2024, the Information Commissioner's Office issued its updated guidance around the issuing of fines when organisations have been found liable for the integrity of their customers' or end users' data being compromised. It is already well-established now that failure to ensure critical data remains secure will result in costly fines, as we have seen repeatedly in multiple high-profile cases over the years.

Passwords are often more associated with individual and consumer cyber security, but they are an essential part of an organisation's overall security posture. For example, you wouldn't leave the windows open overnight as this would allow easy access into the building for thieves. In the same way, a weak password offers cyber attackers easy access to your corporate infrastructure, after which they can use these credentials to escalate permissions until they granted themselves administration privileges, at which point the risk of financial and reputational damage becomes truly serious!

With the flexible office model slowly but surely supplanting the traditional working environments in favour of dynamic co-working spaces for a number of years now, we have seen many organisations reconsider the way they think about commercial real estate.

The past year has challenged the UK's education sector in ways that would previously have been inconceivable, with children learning from home the majority of the time since March.

In spite of the ongoing evolution of cyber security processes and technology, human error is still responsible for 95% of data breaches¹. Phishing attacks alone represent a particularly insidious risk, with 91% of organisations experiencing a successful attack in 2021 alone_².

In light of recent geopolitical events, and the increased threat to corporate infrastructure, organisations across the UK must assume that they will be forced to contend with a cyber-attack in the near future and prepare accordingly. Indeed, the NCSC has already set out its own guidance to help organisations bolster their defences, which we strongly advise you to read and implement.

Retailers - be they small local shops, online sellers, or top global brands - generate, transfer, and store more data than ever before, ranging from customer data (both online and in-store, as we have considered in previous articles), to supply chain and asset tracking data. Whether it's shopping online or utilising in-store apps to access the latest savings and special offers, the way customers shop has fundamentally changed forever, with the data they generate online and in person allowing retailers to build up unique personas that drive truly bespoke experiences.