What types of businesses have you seen attacked in your market?
Darren Booth, Partner - RSM Australia
No organisation is safe - we’ve seen targeted attacks against retailers, health care providers, financial services organisations, managed services providers, critical infrastructure, education providers and many others. The maturity of the organisations being targeted, in terms of security levels, varies from low (low complexity attacks) to high (higher complexity attacks leveraging multiple vulnerabilities and exploits).
Sheila Pancholi, Partner – RSM UK
What we continue to see is that no one is immune. There is no real pattern to the types of organisations being attacked; however, clearly the larger high-profile brands are the ones that receive the most publicity. For the attackers, it is these high-profile brands that will continue to remain a target due to the on-sell value and the potential ransom that the attackers could receive as a result of successfully attacking these organisations. If we look at some examples from 2019 to give us a picture of what the cyber landscape looked like then (noting it is changing rapidly), we would see the scale of the challenge. In 2019, ransomware hackers successfully attacked major cities, governments, businesses, hospitals, and schools around the world.
The majority of cyber-attacks exploit basic vulnerabilities in IT systems and software. Distributed Denial of Service (DDoS) attacks, ransomware, phishing scams and data dumping are examples of some of the most common crimes. While there may be no obvious motivation for someone to target your SME, cyber-attacks aren’t necessarily directed at specific victims. Instead, the attacker might target multiple tens, hundreds, even thousands of people or organisations in the hope of maximising the chance of ‘success’. Therefore, the risks remain the same for any organisation.
Gregor Strobl, Partner – RSM Germany
At the end of 2019, the Federal Office for Information Security (BSI) presented its annual report on the state of IT security in Germany. The report concludes what we, as cybersecurity professionals, experience every day when working with clients. Cyber-attacks have risen to a higher grade of sophistication - on many more levels. Therefore, the IT threat remains alarming. However, it also illustrates that organisations can withstand malicious attacks by consistently implementing IT security measures. For example, ransomware incidents have increased significantly, causing serious disruptions across all sectors. In Germany, production facilities as well as hospitals and municipalities were hit, unlike the federal government’s IT systems or operators of critical infrastructures.
The criminal group responsible for the cyber-attack, which has disrupted high-street banks and the foreign currency exchange chain, Travelex, has launched what has been described as a “massive cyber-attack” on an automotive parts supplier. The target was the well-known German manufacturer, Gedia Automotive Group, which employs 4,300 people in seven countries. The company said today that the attack will have far-reaching consequences for the company and that it has been forced to shut down its IT systems and send staff home due to the cyber-attack. In addition, the company was threatened by the hackers with the leak of sensitive information if the ransom was not paid within seven days.