Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.
Breaches are bad for business… literally
Expect to see this story featured in lots of security presentations about worst-case scenarios following a data breach. Last month, the Finnish therapy centre provider Vastaamo went into liquidation, having suffered a ransomware infection last year. The criminals responsible blackmailed patients, threatening to publish extremely sensitive information about them. Now Vastaamo may need to file for bankruptcy and could go out of business if it can’t pay its debts.
Vastaamo is the 21st company destroyed by breaches, and also the largest with 400 employees, says security researcher Adrian Sanabria. He maintains a list of companies forced to close due to security incidents. Small businesses “are most vulnerable and least capable of defending… ransom/extortion is the cause of a third of these 21 business deaths,” Sanabria wrote. If you’re worried about the risk to your business and want to know more about protecting against the threat of ransomware, here’s a link to our free white paper.
Data Protection Commission’s annual report
In 2020, the Data Protection Commission handled more than 10,000 cases, 9 per cent more than the previous year. Its latest annual report (summary here) revealed a 10 per cent increase in breach notifications in 2020. Of the 6,628 valid cases, 86 per cent were due to unauthorised disclosure and 60 per cent were from the private sector. Most cases (90 per cent) were concluded during 2020. By the end of December, the office had 83 statutory enquiries against the likes of Facebook, Instagram, Twitter, Google and others.
Among the interesting nuggets to catch our eye: there are now over 2,000 registered data protection officers in Ireland. The report also noted a continuing trend of organisations and individuals “attempting to misuse the GDPR to obfuscate or pursue other agendas”. The full report runs to almost 100 pages and is free to download. As always, it has useful insights on how companies can improve their GDPR compliance and data protection programmes.
Securing SMEs and sole traders
The UK National Cyber Security Service has developed a free online tool that produces a customised action plan to help sole traders and small businesses to protect themselves effectively. It takes the form of a short survey which takes a few minutes to complete. Based on the answers, the tool gives advice on follow-up actions you can take to improve security.
“This will help companies navigate their way through the maze they see around cybersecurity,” said Brian Honan. Writing in the SANS newsletter, he said he hoped other governments would adopt the NCSC’s proactive stance in providing businesses with free and independent guidance on how to keep their systems secure. As ZDNet’s story relates, many small businesses fall victim to cybercrime either because they’re an easy target or as part of supply chain attacks. A similar tool aimed at home users and families is in the works.
The online tool is free to access here.
Links we liked
A free security book in PDF form: Building Secure and Reliable Systems. MORE
A new book on ABCs of cybersecurity: awareness, behaviours and culture change. MORE
This chart shows the connections between cybercrime groups. MORE
File under ‘know thy enemy’: a playbook to understand phishers. MORE
A walk-through of ransomware negotiations and the modus operandi. MORE
Lessons for cybersecurity: incident response in the airline industry. MORE
Cyber Ireland’s Cyber Security Skills Report 2021 looks into the industry skills shortage. MORE
Hiring for security roles: the experience dilemma. MORE
An elegant, visually presented roadmap of security certifications from Paul Jerimy. MORE
A deep dive into what you’re agreeing to when you click ‘accept all cookies’. MORE