This week’s Knowledge Update covers a brute-force attack on the Scottish Parliament, a ransomware attack on one of LG’s service centres in South Korea, and the need for retailers to improve their data security.
Brute-force attack (Scottish Parliament)
The Scottish Parliament faced a brute-force attack on 15th August. A brute-force attack is a method used to crack encrypted passwords through mass trial and error. The weaker the password, the easier and faster it is to crack. SC Media reports that “too many of the Scottish Parliament members were using weak passwords. Whilst there are no reports of successfully compromised email accounts, some members may have now found themselves locked out of their accounts.” This attack follows a similar brute-force attack on Parliament in June.
Companies should have password policies across the organisation dictating the use of strong passwords as well as incorporating two-factor authentication (2FA) where possible. A guide can be found here.
Ransomware attack (LG Electronics)
LG Electronics Company has faced a ransomware attack on one of its service centres in South Korea. “The suggestion is that the WannaCry code may have been uploaded to one of the LG kiosks and started to spread to other systems in the network, but was caught and stopped before infecting the entire organisation.”
Ransomware can affect any organisation regardless of size. To protect your organisation, anti-virus software should be installed and operating systems should be kept up to date. Secure and regular backups should be taken of business-critical data, and staff should be made aware of the risk of malware. A guide can be found here.
Retailers need to improve data security
The number of retailers reporting data breaches to the Information Commissioner’s Office (ICO) has doubled in the past year, according to law firm RPC. Not only does this put retailers’ reputations and their relationships with customers at risk, it also exposes them to punitive fines.
Organisations need to ensure that they protect the data they control. Becoming Cyber Essentials accredited offers a solid foundation for data protection (more information on Cyber Essentials can be found here).
Organisations should also ensure that their staff know how to process and handle data; a guide to data protection can be found here.