You do not choose when you are hacked – ISO 27001

Why ISO 27001 prevention is better than a hacking cure

South Korean banks and TV stations were victims of a previously unknown hacking group that has identified itself as “Whois Team”. The attack happened on Wednesday, local Korean time. It has resulted in the Korean army raising its own state of readiness in response, and one of the banks affected has even lost 1% of its share value overnight. This starkly highlights the need for prevention in the form of ISO 27001 Information Security Management Systems, because you do not choose when you are hacked.

This represents the latest in a long line of attacks from hackers, with some attributing the blame to a group of 3,000 North Korean soldiers who make up the Pyongyang cyber warfare unit. Regardless of the attack’s source, a hacking attack is better planned for and prevented than fixed after the fact. Information Security Management Systems that make up part of the ISO 27001 standard are recognised as best practice worldwide.

In this instance hackers gained access to the secure systems of KBS, MBC and YTN, three of the main broadcasters in South Korea, as well as Shinhan Bank and NongHyup Bank. Computer screens were said to show skulls and a message explaining that this was only the start of the “Whois Team’s” campaign.

This is particularly worrying for the banks involved, as according to a survey carried out by data security business BotRevolt last year, 40% of all hacking attempts are made with stolen data or personal information.

When Burger King’s Twitter account was hacked earlier this year and a malicious message was posted stating that they had been sold to arch-rivals McDonald’s, the cause was seen as the loss of personal information when Twitter was hacked in February of this year. The systems that ISO 27001 espouses and requires to be put in place protect client, customer and employee information. By managing risks to information security effectively, the business’s brand is protected.

This 1% loss of share price to the bank represents not only a loss of cold hard cash but also of reputation. South Korea’s capital Seoul is largely a cashless society, with many users choosing to pay with credit or debit cards. This attack rendered all non-cash forms of payment impossible if the consumer or the business was a customer of any of the banks affected. To make matters worse, ATMs were struck as part of the sophisticated attack, which will have taken between one and six months to organise, according to Kwon Seok-chul, chief executive officer of Seoul-based cyber security firm Cuvepia Inc.

The real cost to the businesses could run to millions and millions of Euro, and the entire investigation will take months, according to Lim Jong-in, the dean of Korea University’s Graduate School of Information Security.

If you feel that putting some of the benefits of ISO 27001 information security systems in place to protect your business is a better solution than trying to fix the problems after a hacking attack, then please contact us.

 

Robert Lyons