CD Projekt Red, the studio behind the Cyberpunk 2077 video game, recently fell victim to a targeted cyber-attack. The Polish developer stated that “an unidentified actor gained unauthorised access to our internal network, collected certain data belonging to CD Projekt Capital Group, and left a ransom note”.
Threatening to sell the studio’s source code, the attacker (known as HelloKitty) demanded to be paid in full. At this stage, the studio has refused to give in, or even negotiate. Instead, they’ve secured their IT infrastructure and insisted that their backup remains intact.
But even so, the reputational damage has already been done. For this reason, it’s never been more important for your cybersecurity to be watertight.
2020 proved to be advantageous for cybercriminals. The slapdash approach many organisations took in transitioning to remote working meant they had holes in their security. Attackers could seize information as it moved between personal devices, and then threaten victims with either deletion or exposure.
In the case of CD Projekt Red, the attackers claim to have access to accounting, administrative, legal, HR and investor relations documents. They allege that these records will hurt the company’s image and drive down stock value. This is in addition to the stolen source code.
Of course, this now enters the realm of data protection. While the developers have said they are working with Poland’s relevant authorities and that customer information hasn’t been compromised, the consequences would otherwise have been significant. If CD Projekt Red had failed to protect personal data, they could be fined €20 million or 4% of their annual turnover. These fines increase for failure to alert both the ICO and those affected within 72 hours of becoming aware of the breach.
Only recently, British Airways was fined £20m for a data breach affecting more than 400,000 customers. According to the Information Commissioner’s Office (ICO) report, the airline was processing a significant amount of personal data without adequate security measures in place. This is the ICO’s biggest fine to date and proof of the rising cost of gaps in your security.
Recently, malware-related events have been in steady decline. In a year-on-year comparison through the third quarter of 2020, researchers recorded 4.4 billion malware attacks. This represented a 39% drop worldwide. Ransomware, on the other hand, has increased by 139% since last year, regularly making headline news.
Ryuk is one particular form of ransomware, and it accounted for a third of all related attacks in 2020. The software works by locking your files or systems and holding them to ransom. This is done by encrypting essential files, enabling threat actors to demand large amounts of money.
We know this thanks to the cybercrime helpdesk that exists to support those paying the ransom demand – which is fortunate, as cybercriminals have been focussing on industries that don’t have experience protecting themselves from threats. The 2017 WannaCry attack, for example, targeted the NHS and left them with a £73m IT bill.
The same is true of small businesses. Cybercriminals make easy money from organisations with little-to-no protection, and usually that’s SMEs. According to Verizon’s 2020 Data Breach Investigations Report, 28% of the breaches in 2019 involved small businesses.
Aside from arming yourself with high-grade cybersecurity, insurance and a supportive hosting provider, you can protect your business by following these steps:
Discover how UKFast’s expert security solutions keep your business protected from 2021’s biggest cyber-threats.