British universities are waking up to last week’s ransomware attack on cloud CRM purveyor Blackbaud – though it appears some haven’t realised the American software company paid the ransom.
As hack notifications started filtering through the world of student and alumni relations management software, news reports emerged this week of universities alerting people to a supply chain attack.
The BBC put together a list of UK institutions subscribing to Blackbaud services. Of those, a dozen had been affected – including the Universities of York, Leeds, Manchester and Exeter – while five, including Queen’s University Belfast and University College London, said they had not been.
Blackbaud was struck by ransomware in May that locked up files on its “self-hosted” systems and not those running on AWS or Azure cloud environments. As the company admitted in a statement two months later: “Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.”
Under the General Data Protection Regulation (GDPR), the company is supposed to report a significant data breach to data authorities within 72 hours. Both the UK and Canadian data authorities were made aware of the data breach only last week.
A spokeswoman for the ICO (the UK’s Information Commissioner’s Office) said: “Blackbaud has reported an incident affecting multiple data controllers to the ICO. We will be making inquiries to both Blackbaud and the respective controllers, and encourage all affected controllers to evaluate whether they need to report the incident to the ICO individually.”
New-school security awareness training can create a culture of security within your organisation, enabling your employees to identify phishing emails and instilling in them the importance of multi-factor authentication.
With thanks to the Cyber Defence Alliance and the Register. The full story is here: https://www.theregister.com/2020/07/24/blackbaud_uk_universities_data_breaches/