Technology stocks shuddered Monday, following the New York Times expose of a politically aligned insights group harvesting the data of 50 million Facebook users. While raising fears of regulatory intervention in big tech, this demonstrates how data security and cyber risk need to be front of mind for companies, governments and investors. Over the past few years, an escalating and increasingly concerning spate of data breaches and hackings has come to light, providing genuine cause for concern. In June of 2017, reports of companies falling ill to new hijacking software began filtering through news agencies. Cyber Security firm, Kaspersky, was reporting wide ranging infections of a new malware variant causing material damage to organisations.  The severity of this wave of “ransomware” became more apparent as it spread from little known Ukrainian banks to large Western corporations. This malicious software, dubbed NotPetya, followed hot on the heels of the less damaging, but highly pervasive, WannaCry outbreak.  The gravity and economic impact of this event only became quantified as global listed companies began reporting the quarterly earnings impact of losing access to their data and systems for several days. Maersk, hit so severely that internal communication devolved to WhatsApp messaging, announced a financial impact of US$300m on its third quarter earnings.  FMCG behemoth Reckitt Benckiser, the U.K based manufacturer of household brands like Dettol, acknowledged the incident would reduce like-for-like sales from 3% to 2%, or around £100m, owing to supply chain disruptions and manufacturing down time. Many other listed corporations including FedEx, Merc and WPP joined the chorus of downgrades, and these were just the businesses that were required to under statutory reporting laws. Countless companies were spared the reputational damage of confessing their security breach. The NotPetya catastrophe was an example of a Cryptoworm, designed to encrypt data and storage devices, then demand Bitcoin payments to unlock them.  Malicious software is a continuously evolving beast, driven by a cat and mouse game between hackers, security firms and governments.  A fortuitous development for this illicit craft was the onset of cryptocurrencies, allowing anonymous transfers of digital ransom.  Even paying the ransom may not save your data, as the intent of the malware is often to merely inflict damage. NotPetya’s ability to harvest ransom was also limited as the email address used to receive decryption keys was quickly shutdown by its ISP. The likely resolution in most cases was for I.T staff to simply restore systems to backup images and attempt to resurrect systems to an operating state. Viruses have plagued organisations for as long as computers have enabled data to be…

This article is for members only

To read this article - sign up for a FREE 14 day trial NOW

Blurred Text