Once infected, the malware prevents organisations from accessing their data holdings unless a ransom is paid.
The story is becoming increasingly familiar and with each high profile attack the protection of personal data held by businesses becomes an ever increasing concern. Cybercrime is fuelled by the sheer volume of data now available, and the increasing use of offsite and cloud storage systems has dispersed that data giving criminals many more points to access it.
Faced with such threats, businesses have been encouraged to review their cyber security and upgrade their IT systems. But technology on its own cannot stop a cyber-attack unless the organisation fully understands the data assets that the technology is trying to protect. An effective cyber security strategy requires a legal analysis of an organisation’s whole approach to data protection – how the organisation controls the collection, use and sharing of its data.
Data protection and cyber security are no longer just IT concerns; they are now board level issues.