We often warn people that it does not matter how large or small your organisation is, it is no longer a case of if your system is hacked, but when. No brand is immune. In an ironic twist last week, the UK’s data privacy watchdog, the Information Commissioner’s Office, was compromised by an embarrassing cryptojacking incident.
Cryptojacking is a new phenomenon and the cause of yet another headache for IT security experts and company directors alike. This malware does not target company websites, rather weaknesses in bots, plugins and patches that give it access to websites.
The difference with this new malware is that it does not have to be introduced into a specific computer system; it works when someone visits an infected website, downloading itself as secretly as possible onto the new carrier. So instead of hackers having to target 1,000 different companies, which is a hugely time-consuming process, cryptojacking malware can target just one, which then goes on to infect other systems, with the potential of reaching far more systems for a lot less effort.
The spread is therefore random and could affect any company anywhere in the world, capitalising on the vulnerability of systems that do not use up-to-date antimalware.
The reason the ICO website was infected is because it clearly did not follow the rules of best practice. Had the software been up-to-date, the malware would have been far less likely to have compromised the website. It is a similar situation to the one Carphone Warehouse recently found itself in, when its failure to protect customer records from a cyberattack led to a massive fine from the ICO.
The good news is that there are measures you can take to secure your own system. The poor practice of large companies must not prevent us from trying to protect ourselves, however small your business is. As an example, I recently went onto a website when cryptomining malware tried to download into my system. Our security software flagged up the issue and our engineers were able to deal with it quickly and safely. With a managed approach to cybersecurity, you can protect your system against threats and, in doing so, protect your brand and its reputation.
Get in touch if your business may benefit from any IT security services we offer.