St. John Ambulance: Non-profit providing first aid and emergency medical service training.
Risk to Small Business: 2.444 = Severe: On July 2, the non-profit organization was affected by a ransomware attack that temporarily blocked St. John Ambulance from accessing training systems and customer data. The charity’s IT department was able to restore data from backups, claiming that normal operations were reestablished in less than thirty minutes. This scenario underscores the importance of installing proactive cybersecurity measures, which enabled St. John Ambulance to avoid paying a ransom to recover their content.
Individual Risk: 2.285 = Severe: The personal information of everyone who opened an account or booked and attended a training course until February 2019 may have been compromised. Although St. John Ambulance expressed confidence that the information was not shared outside of the organization, hackers did gain access to names, course credentials, certificate information, invoicing details, and other course-related content. The company uses a third-party payment processing agent to execute transactions, so no payment information was compromised in the breach. Nevertheless, those impacted should carefully monitor their accounts for unusual activity.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Having the technological capabilities to recover from a ransomware attack should be a top priority for any organization. More importantly, every company needs the capability to verify that sensitive data accessed during a ransomware attack doesn’t make its way onto the Dark Web. Since many ransomware attacks begin with malware delivered through phishing emails, comprehensive awareness training can stop these types of attacks from occurring in the first place.
ClearYolk to the Rescue: Monitoring the Dark Web for stolen credentials is critical for companies and organisations who want to provide comprehensive security to their customers. Our Phishing service compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime.