Cyber-attack on The Works is a warning to others

The recent cyber-attack on discount retailer The Works, emphasises the need for organisations of all sizes to invest in ransomware prevention measures.

Since sanctions were imposed on Russia following the Ukraine invasion, there has been a tremendous surge in cyber-attacks aimed at all sectors of the economy.

Sir Jeremy Fleming, Director of GCHQ, the UK’s intelligence, cyber and security agency, has said the Russian regime is identifying institutions and businesses to bring down and predicts the number of state-sponsored attacks will increase.

It is not just banks and similar high-profile organisations that need to review their cyber security.

In this instance cyber thieves targeted a business that sells books, stationery, craft supplies and toys.

Five of The Works outlets were temporarily closed after an unknown perpetrator gained unauthorised access to its systems, adversely impacting trade and business operations by creating till issues and forcing delays to store deliveries and online orders.

Forensic experts have been hired to investigate the data breach and The Works has notified the Information Commissioner’s Office (ICO) of the incident.

There is a staggering disparity between how well organisations believe they are protected against ransomware, versus the protection that their existing data protection and anti-malware solutions actually provide.

This has grown massively since the start of the pandemic which has triggered global cloud adoption, a huge increase in shadow IT and widespread remote working, leading to extensive new data protection challenges.

Thankfully, in the case of The Works, third-party systems secured their most sensitive customer data, highlighting the need of engaging external third-party providers for data security and backup.

While there is no 100 percent effective way to avoid being a ransomware victim, there are actions you can take to ensure your backup strategy will allow you to recover effectively:

• Air gap – guarantee that the primary and backup storage systems are physically separated. Bad actors are unable to access backup data copies because of this physical break.
• 3-2-1-1 – The most recent best practise calls for three copies of data, two separate backup media, one offshore location to store backups online AND an offsite location for backups offline – all air-gapped.
• Backup data malware detection and removal – ransomware frequently stays idle on a network for long periods of time before encrypting systems, ensuring that it is present in all backup versions, making malware-free recovery impossible. It’s become critical to be able to detect and remove ransomware from backup data, as well as have an isolated area where you can restore data.
• Instant / rapid recovery flexibility – Long periods of downtime can be just as harmful as data loss. A backup strategy must allow users to quickly return to work by allowing temporary access to data, if necessary, with priority recovery of vital data if necessary.

There is no fail-proof technique to thwart cybercriminals, and no means to get rid of ransomware. With the right cloud backup, however, you can ensure that your organisation is not held hostage by their demands.

For more information contact Redstor.