Italian luxury fashion giant Moncler has reportedly suffered a data breach after files were stolen by the AlphV/BlackCat ransomware operation in December and published on the Dark Web. The attack unfolded in the final week of 2021, when the luxury fashion brand announced an interruption in its IT services but gave assurances that the attack would result in nothing more than a temporary outage. Ten days later, the company released an update on the situation, reactivating its logistics systems and prioritising delayed e-commerce shipments.
Trevor Morgan, Product Manager at comforte AG, commented: “The trend towards an increasing number of ransomware attacks against high-profile targets in 2022 seems to be moving in the direction that many of us suspected. With news that the Italian luxury fashion giant, Moncler, sustained an attack late last year resulting in stolen files hitting the Dark Web, we can see the organisational characteristics which appeal to threat actors: if your business collects lots of (sensitive) data about employees, partners, or customers, then you are sitting on a gold mine (or oil well, just choose your analogy) that they want to infiltrate. Sure, they want that sensitive information, with which they can do any number of things, but if they can also disrupt business operations with ransomware or other extortion tricks, they multiply their chances of a successful attack.
“If your business is data-dependent – and which one isn’t in this day and age – then you need to assume that you too are a target and it’s just a matter of time before somebody internal or external gets their hands on it. Squirreling sensitive data away behind protected perimeters won’t cut it anymore as a defensive measure. Only robust data-centric security, such as tokenisation or format-preserving encryption applied directly to sensitive data elements, can help mitigate the situation if the wrong hands get a hold of your data. These methods obfuscate sensitive information while still preserving the original data format, which means business applications have a better chance of working with that data in a protected state. No need for de-protecting data just to work with it internally, which is a valuable best practice to uphold. While you may think it’s a luxury to invest in proactive data protection measures such as this, the alternative is the option you really can’t afford.”