The Information Commissioner's Office (ICO) recommends that businesses and organisations establish incident response, disaster recovery and business continuity plans to address the heightened risk of ransomware attacks. The recommendation accompanies the ICO's new guidance and a checklist of actions businesses should review to assess their preparedness against potential ransomware attacks on their organisation.

Ransomware is an increasingly prevalent form of cyber-attack. Personal data breaches from the ICO's caseload during 2020/2021 have seen a steady increase in the number and severity of cases caused by ransomware. This guidance presents eight scenarios covering the most common ransomware compliance issues the ICO has seen:
● Scenario 1: Attacker sophistication
● Scenario 2: Personal data breach
● Scenario 3: Breach notification
● Scenario 4: Law enforcement
● Scenario 5: Attacker tactics, techniques and procedures
● Scenario 6: Disaster recovery
● Scenario 7: Ransomware payment
● Scenario 8: Testing and assessing security controls
Ransomware payment and data protection compliance

In its guidance, the ICO supports the position of law enforcement in not encouraging, endorsing or condoning the payment of ransom demands to criminals by businesses who have lost access to their systems and data. The ICO also does not consider the payment of a ransom an 'appropriate measure' to restore personal data in the event of a disaster.

Businesses that choose to pay the ransom to avoid the data being published should still presume that the data is compromised. They should take action accordingly to mitigate the risks to individuals even though the ransom fee has been paid, and – where necessary – inform the ICO of the breach.