After weeks of disruption, Manchester United were finally able to announce last week that they’d fought off hackers who had been holding the club to ransom via a sophisticated cyber-attack. The fact that one of the world’s biggest football teams had been targeted in a sophisticated operation by an organised criminal gang made headlines around the world.
Cyber-gangsters were demanding a multimillion pound payment and threatened to leak secret documents containing sensitive information unless it was paid. The club could have faced fines of up to four per cent of its global annual turnover, if it was found to have breached fans’ rights under data protection laws.
But according to reports, the cyber-attack, believed to have originated from an email phishing scam, is now over. The case once again underlines how important it is for businesses - of all sizes - to take care over all the data they hold. This is all the more vital during a pandemic which has created an explosion in cyber-based hacking attempts.
Here Clive Mackintosh, a data protection solicitor at Harper James Solicitors, provides his expert analysis on what happened, and provides advice on how businesses can better protect themselves.
'In a performance worthy of its football team, the IT security department at Manchester United Football Club was able to thwart and beat the attempts of criminal hackers to infect the club’s networks and servers with malicious ransomware following the attack that occurred last month.
The impact of the cyber-attack could have been devastating to a club that relies on its off-pitch activities as much as it does its on-pitch ones.
A ransomware attack involves hackers deploying malicious software that infects an organisation's networks and computers, leading to the encryption and compromise of its data.
Criminals then offer to provide the victim with a decryption key to enable them to retrieve and restore the compromised data - but only for a very hefty ransom fee in return - often running into hundreds of thousands of pounds.
Ransomware attacks are becoming more prevalent and sophisticated. Any business, whatever its sector, small or large is vulnerable to this form of attack. Just as the players spend many hours on the training ground practising their skills and honing their attacking and defensive strategies, it’s clear that the club’s IT team do likewise.
No organisation, whether it’s Manchester United or any other, can successfully defend itself against sophisticated cyber-attacks without having in place a clear and practiced security breach management strategy and protocol.
Four steps you can take to improve data security
1. Staff training
Train staff and make them aware of the risk of cyber fraud through failing to verify incoming email.
2. Be vigilant
Understand cyber-attacks aren’t just committed by faceless hackers sitting behind computer screens, but through human social engineering.
3. Plan and rehearse
Put in place and rehearse a cyber-attack contingency plan for recovering and restoring your data.
4. Appoint your crisis handlers
Assemble a crisis team and train them to deal with such emergencies.
Putting together a security protocol around these points will help provide a great platform to keep your business safe now - and in the future. For advice specific to your business's needs, contact our data protection legal experts.