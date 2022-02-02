COMMENT: Potential crisps shortage - KP Snacks Ransomware attack

February 2022 by Chris Vaughan, Area Vice President of Technical Account Management for EMEA at Tanium

Following KP Snacks being hit by a ransomware attack and retailers being warned of crisps and nuts shortage, I wondered if you might be interested in the below comment from Chris Vaughan, Area Vice President of Technical Account Management for EMEA at Tanium.

“This ransomware attack on KP Snacks is a reminder that no industry is immune to being targeted by cybercriminals. For the next few hours, damage control will be in full force – and how the business reacts will be critical to ensuring the welfare of the company, mitigating the damage of the attack, limiting downtime of operations, and therefore minimising the predicted supply chain delays and cancellations.

Getting back to the basics of IT operations and security is the first step in helping any organisation avoid the worst-case scenario. Having the right security defences in place to protect your IT infrastructure – including having back up mechanisms which are regularly tested – can significantly mitigate the damage of a ransomware attack. It’s critical that organisations have a high level of visibility of the devices connecting to the corporate network. This will help them identify any weaknesses that could increase the likelihood of a ransomware attack being successful, such as unpatched devices or users adopting risky behaviours. Endpoint security and visibility can also help to limit lateral movement in an environment – helping to limit the spread and damage of an attack once it has breached the corporate network.

Another way to minimise the impact of ransomware attacks is to ensure staff are trained to look out for potentially malicious links in emails. It’s not correct to think that everyone already understands and follows this advice as many successful ransomware attacks begin in this way. My message is that you can’t always stop a sophisticated cyber-attack, but by having a good standard of IT hygiene and training in place you can certainly make it more difficult for the attackers to be successful.”