Toll Group suspends IT systems following unusual server activity. Cyber Aware’s tips on managing a cyber incident
Before COVID-19 dominated the news cycle, you may have seen that Toll Group, the well-known global logistics network and freight transport provider, fell victim to a targeted ransomware attack.
As many as 1000 servers were infected during the February attack, and the company received harsh criticism from the public for its prolonged silence regarding the attack.
Key delivery services were majorly disrupted, and while clients experienced significant delays, many were left in the dark, unsure of whether and when they could return to regular operations.
“It’s 10 days overdue, so for the last week I’ve been spending at least three or four hours a day on the phone trying to get some information,” said sales manager Jeff Ward.
While the fallout of a cyber-attack is damaging on a technical and financial level, the reputational damage is what businesses often fail to recover from, with an average of 60% of businesses failing to continue operations following a cyber-attack.
Now it’s May, and the company has reported another security incident, this time with much more transparency and urgency.
While customers and clientele were left frustrated and unsure during the last incident, this time around Toll appears to have applied the lesson learned on PR and incident management by immediately closing services and alerting the public.
While the specifics are not yet known, and the nature of the damage and of the incident is yet to be revealed, stakeholders this time around are aware of the current situation and, most importantly, have not been left hanging!
Toll’s cyber-incidents and responses this year demonstrate both the best and worst of incident management, and from this case your business can learn the following:
- Prepare a statement in advance, and release it promptly. Much like Toll’s most recent example, your initial statement does not need to disclose a full report of damages, impacted clients or the nature of the attack.
- Have a plan of action. Prepare backups of your key data so you can comfortably recover from the damage. Lay out a plan not only for the event that you need to cease activity but also for resuming your business activity following a breach.
- Adhere to your country’s regulations, but don’t stop there. As many of us in the cybersecurity industry are aware, in February of 2018 the Australian Government rolled out Mandatory Breach Data Notification laws that laid out the specifics for reporting a data breach, and the associated penalties for failing to do so (cough, up to $2.1 million, cough).
Whether you’re operating under GDPR, the NDB, or otherwise, it’s critical that you are familiar with your obligations and responsibilities following a data breach.
But of course, don’t stop at policy requirements. Consider how you can best meet legal demands while also maintaining trust and responsibility with your shareholders and protecting your public image.
Given the increased vulnerability of businesses during this pandemic, it is crucial that you are prepared not only from a security standpoint but from an operational and reputational perspective as well.
This pandemic has been an immediate and radical change for all of us. Alongside our scattered workforce, shifting work culture, and the general pressures of being an adapting business, the last thing any of us need right now is a frustrated and disheartened client base due to poor incident response.
For more information on incident response and cybersecurity awareness, visit cyberaware.com!