Are you treading on the path of Shizotek Ltd?
Shizotek Ltd, a startup fintech firm, was the target of a ransomware attack two months after announcing its newest milestone as the first fintech company to acquire more than 20 million clients in the previous six months. In the attack the company lost assets such as financial information, intellectual property, and all the information entrusted to it by its customers. As a result of the sophisticated attack, many of its customers and stakeholders have had to deal with the inconvenience of not being able to access their accounts and make transactions.
The attacker, like other ransomware creators, informed Shizotek’s management they could either pay a huge amount of money to have their assets back or lose them forever. Despite having a strong data backup mechanism in place, the management decided that losing half of the previous business year’s revenue is more bearable than losing its customers’ assets while also damaging the company’s reputation, so they agreed to pay the ransom.
The money requested by the attackers to recover their assets was $2 million in the first week and $4 million in the second week, after which customers’ accounts would be wiped. Furthermore, the attacker demanded that payment be made in Bitcoin, a more onerous process because the country where Shizotek Ltd operates has issued a regulatory directive prohibiting Bitcoin transactions.
Repeated efforts by hired forensic experts and security agencies to recover the assets and unravel the identity of the attackers have all proved unsuccessful.
Shizotek Ltd is now under intense pressure because its customers are preparing to file a lawsuit against the firm for failing to safeguard their accounts and data. Customers are afraid not just about their information being exposed to a third party, but also about losing their funds.
Shizotek Ltd claimed that it had followed all necessary information management legislation, rules, and standards, a claim that was proven false following an investigation by the country’s data protection regulator. As a result, the firm was fined $500,000 for misrepresenting its compliance to its clients and for failing to comply with the relevant information security regulations, such as the GDPR (General Data Protection Regulation).
However, three months prior to the cyberattack, the management of the company declined a proposal offered by an IT Security Consultant about the need to implement best practices mandated by the International Organization for Standardization (ISO) to manage the security of its assets and avoid data breaches.
This has been a difficult period for the firm as it fights for its existence. How would they meet the attacker’s demand to reclaim the company’s assets? How would they recover the trust of both present and future customers? What can they do to restore the company’s reputation? Where would they get the money to pay the fines levied against the company?
We hope that many organizations will learn from the tragedy of Shizotek Ltd, which is currently on the verge of utter closure owing to its failure to implement simple best practices that would have made this situation avoidable.
Information security attacks are continually increasing in number and sophistication. Proper implementation and management of information security policies and best practices is the greatest form of defence against them. Information security is also a key expectation and requirement of customers, legislators, and other interested parties. When it comes to keeping information assets secure, organizations can rely on ISO/IEC 27001.
ISO 27001 assists businesses in avoiding the severe fines associated with non-compliance with data protection regulations such as the GDPR (General Data Protection Regulation). Organizations must strictly adhere to GDPR principles and to their information security and data privacy policies to keep themselves off the news pages for the wrong reasons.
Benefits of ISO/IEC 27001 for an organization
- It helps organizations gain new customers and sharpen their competitive edge.
- Organizations can rely on ISO 27001 best practices to avoid financial fines and damages caused by data breaches.
- It helps organizations to comply with all corporate, legal, contractual, and regulatory obligations.
- It helps protect and enhance an organization’s reputation.
- It helps an organization improve and focus its operations and reduces the need for frequent audits.
- The ISO 27001 standard helps improve an organization’s internal systems, structure, and day-to-day processes and procedures.
Obtaining ISO/IEC 27001 certification is proof of conformity with the standard’s requirements. It shows that the standard’s principles have been fulfilled by the organization and that this has been validated with adequate consistency, professionalism, and impartiality.
For organizations asking how to achieve the highest standards and best practices in information security and cybersecurity management, Certfort Limited has the capability to guide you through this dynamic and complex journey.
We support organizations in the implementation and certification across a vast spectrum of ISO and other regulatory standards.