Many of us will have heard about the recent ransomware attack on KP Snacks? Why did we hear about it? Because it’s media friendly.
The attack on KP is similar to many many cyberattacks that are happening all the time to very large businesses, and to very small ones. Yes, some of the attacks are reported, but most do not reach the popular mainstream media.
Now that there is a risk we’ll miss out on our favourite snacks for a couple months, the media are widely reporting the story. They know that it will resonate with their audiences as they can identify with the products. It will be the topic of conversation in the pub when their regular supply of McCoy’s isn’t available.
Whilst this is yet another terrible cyberattack story, it is not a bad thing that people are talking about it. Too often cyber security is viewed as too complex to talk about – it is not a regular topic of pub or dinner table conversation. But dare we say that it should be? At the very least it should be regularly on the agenda of board meetings, and understood throughout an organisation of any size.
Both businesses and individuals are constantly facing potential attacks and the consequences can be devastating. We ALL need to be aware of the risks we take when we open an email or click on a link, especially if we don’t have essential cyber security measures in place.
We also need to have a plan in place for minimising the impact of an attack. It’s widely recognised within cyber security circles that preventing cyberattacks is desirable but not always possible. It’s therefore essential that alongside cyber security is ‘cyber resilience’ – how would you deal with an attack if it happened?
In the case of KP Snacks, they reported, “As soon as we became aware of the incident, we enacted our cyber security response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation.
“We have been continuing to keep our colleagues, customers, and suppliers informed of any developments and apologise for any disruption this may have caused.”
KP Snacks are suffering on many levels. Firstly, they’re presumably deciding whether to pay the ransom. Whilst police organisations advise against it, business will no doubt get back to normal quicker if the ransom is paid. Additionally, KP are having to pay for their emergency cyberattack measures. Plus, they’re losing sales whilst they cannot safely process and dispatch orders. They may face a visit and fine from the Information Commissioner’s Office. And long term purchasers may find alternative snacks.
This attack on KP demonstrates how costly and debilitating the consequences can be, as well as having a long-lasting impact. If you’re concerned about the risk of a cyberattack and need more cyber security and cyber resilience, ask Net Primates.