A ransomware attack has hit a prominent NYC law firm with a client list that includes top celebrities, musicians, sports stars and media companies. The attackers are demanding an undisclosed ransom or they will begin leaking data in a phased approach, putting the affected parties at greater risk for additional exposure and fraud. A previous victim of the same type of attack paid $2.3M in ransom.
What does this have to do with you? What data does your organization store or have access to? Are you meeting your obligations to protect it?
State and local governments have data on taxpayers, employees, social services recipients, criminal justice files. For small towns, the town and school networks are often intertwined, which means greater exposure if one side is breached.
Educational institutions have student data, which holds a high value for resale as it takes longer to detect identity theft with a clean credit history, so the social security numbers sell for up to 50x the typical rate for adults.
Professional services (legal, accountants, IT service providers) not only store data on their clients but may also have access to the client networks, adding another level of risk. A breach of a single provider can expose the data of many of their clients, making them prime targets.
Manufacturers that have contracts with the government are being forced to comply with higher data protection standards than ever before because of the risk of data exposure from lax security. Even those without data that could harm the government or customers may have proprietary information on their customers, their pricing models or product secrets that could cause losses that they can’t recover from.
Regardless of which category you fall under, CyberSecurity as a Service (CSaaS) can help you to determine where you are most at risk, prioritized steps to reduce risk, and ongoing solutions for detection and response. Data protection blindspots can be identified and addressed.
