New law will force companies to pay financial penalties for WannaCry-type attacks, says IT Governance


IT Governance, the leading provider of information security and data protection expertise, is encouraging organisations to prioritise compliance with the General Data Protection Regulation (GDPR). This comes in response to the recent WannaCry ransomware attack.
Alan Calder, the founder and executive chairman of IT Governance, said: “The WannaCry attack is another wake-up call for organisations worldwide. It is one of the worst and most widespread cyber attacks we’ve seen, affecting organisations worldwide, including the UK’s NHS and a large number of private and public institutions in Russia and China.
“We expect new variants of the ransomware to emerge throughout the week, so it is critical that Windows users protect themselves against this threat immediately. In addition to the financial impact of a ransomware infection, organisations should remember that the GDPR will force companies affected by WannaCry-type attacks to pay financial penalties of up to 4% of annual global turnover or €20 million – whichever is greater.”
In response to this major cyber attack, IT Governance encourages organisations using unsupported versions of Windows, such as Windows 8, Windows XP and Windows Server 2003, to protect themselves by installing the new update that Microsoft has released to patch the SMB vulnerabilities that the WannaCry ransomware exploits, upgrade to a supported version of Windows as soon as possible, and use antivirus software that has the added detection capability to block WannaCry.
To maintain an appropriate level of cyber resilience, organisations should also perform regular online back-ups and closely monitor logs for any suspicious activity across firewalls and antivirus software.
Organisations are also encouraged to implement a staff awareness programme to ensure all members of staff and employees are aware of the current cyber threats, how they manifest themselves and the actions required to mitigate a cyber attack.
The GDPR Staff Awareness e-learning course supports organisations by educating their staff on the requirements of the GDPR. It provides a complete foundation on the principles, roles, responsibilities and processes under the GDPR to all non-technical staff in order to reduce the risk of non-compliance and the financial penalties associated with a data breach under the Regulation.
Individuals responsible for GDPR compliance can take advantage of IT Governance’s wide range of GDPR solutions, including books, tools, online and classroom certified GDPR training courses, webinars and consultancy services.
To find out how IT Governance can help organisations protect themselves against current and evolving cyber threats, please visit the website, email or call +44 (0)845 070 1750. 
This website uses cookies. View our cookie policy