What is the risk?
We have seen a significant increase in sophisticated cyber-attacks from the last quarter of 2022. These include attacks this week on Royal Mail and the Guardian that prompted the Financial Times front page headline: “Attacks on Royal Mail and Guardian stoke fears over surge in cyber crime”.
For the Royal Mail this resulted in a large-scale system closure. At the Guardian, sensitive and confidential details, including financial and personal data of employees and customers have been taken. This data can be used to facilitate fraud or sold on the dark web. We have also seen a resurgence in ransomware attacks that significantly impact company operations.
Our Crisis & Risk team have worked in recent weeks on cyber-attacks that potentially mirror the assault on the Guardian where it is believed an employee password authentication process was replicated and breached in a phishing attack. These attacks target employees, who allow the criminals access to company systems by accepting requests for access and authentication that are sophisticated and seem authentic. Another recent attack led to a company’s confidential data being removed from their servers, including commercially sensitive details on clients and suppliers. This was then ransomed back to the company and the criminals provided notice of the breach to selected stakeholders.
Why is this a reputational risk?
Data breaches, where customer or stakeholder data has been compromised, have attracted low and diminishing levels of media interest in recent years. However, in recent weeks the impact, such as the damage to overseas mail, and scale of attacks, including the increased number and amount of data lost, has generated significant media interest and prolonged scrutiny from journalists.
Reputational risks originate from:
Media interest has also focused on claims the increase in attacks is linked to geo-political issues and state actors including Russia and China. Whatever the reality of those claims, businesses risk significant damage to operations, stakeholder trust and wider reputation in the event of a significant and sophisticated attack.
What should you be doing now?
In light of the increased reputational threat, we would urge organisations to:
Critically you must remind staff of the rising threat of phishing and other attacks.
Should you wish to learn more about this risk or would like support, please contact firstname.lastname@example.org or call Barnaby Fry, Head of Crisis & Risk on 020 3128 8761
By Barnaby Fry
Following the controversial announcement of plans for a Major Conditions Strategy, James Juster and Noah Froud examine the rationale for the strategy, as well as the potential downsides for patients a...See More
As Trump makes his return to Meta following his two-year ban, Ali Goldsworthy, President, Accord, explores the UK’s take on his return, social media as a polarising force and how the moderate point...See More