The ICO preaches vigilance in the face of possible cyber attacks as a result of the Russia Ukraine conflict.
The ICO preaches vigilance, as the likelihood of cyber attacks increases amid the Russia- Ukraine war. The Commissioner, John Edwards, when questioned on the possibility of Russia- Ukraine cyber attacks spreading to the UK, says that the ICO thought it necessary to remind businesses of the importance of data security and that the conflict has brought with it an increased cyber security threat. According to this article from the Guardian, the Commissioner said that the ICO had yet to see warnings of Russian cyber retaliation for UK support of Ukraine come to fruition, but companies should check their cybersecurity, including reminding employees to report suspicious emails rather than just deleting them.
The ICO advises that firms should step up their vigilance in the face of increased potential for cyber attacks.
Due to the imposition of sanctions on Moscow by London, cyber security experts, including the UK’s cyber security agency, warn that hackers could target Britain. Edwards said: “We have picked up on that heightened threat environment and we think it’s really important to take the opportunity to remind businesses of the importance of security over the data that they hold. This is a different era from blacking out the windows and keeping the lights off. The threats are going to come in through your inbox.” The ICO recorded a total of 1,345 “cybersecurity incidents” in the second half of 2021, including ransomware attacks, where assailants demand payment in cryptocurrency to decrypt the target’s computers, as well as phishing attacks, where the victim is tricked, often via email, into downloading malware or handing over their login details. Compared to the very same period in 2019, this statistic is up by 20%.
Companies risk being fined if they do not take adequate measures to safeguard against cyber attacks.
The ICO has now warned that companies which fail to take adequate measures against cyber attacks risk penalties, which can include multi million-pound fines. The ICO aims to help ensure organisations protect people’s data while enforcing data protection regulation. Other regulators in Europe have taken a similar stance of cautioning companies and organisations. The Norwegian DPA, for example, has released a statement urging all companies that export personal data from Norway to recipients in Ukraine and Russia to reconsider the legal basis for the data transfers. In addition, the Norwegian DPA sought to remind these organizations that Article 24 of the Privacy Regulation emphasises that appropriate technical and organizational measures shall be taken to protect personal data in accordance with the requirements of the Privacy Regulation, and that such measures shall be reviewed and updated as necessary. Overall, authorities are urging organizations to take the necessary measures to protect user data in this current climate, bearing in mind that the increased instability in these countries is more likely to lead to cyber security issues.