Here’s What Businesses Can Learn From a $2 Million Ransomware Attack SEC Settlement

 

Business leaders and security teams can learn a lot from the recent $2.1 million settlement reached between the Securities and Exchange Commission and R.R. Donnelley & Sons Co. (RRD) over a ransomware attack. The settlement brought RRD's negligence to light and emphasises how crucial it is for publicly listed firms to have robust security policies and procedures in place.

Here are key takeaways that private and public organisations can use to improve their cybersecurity posture and comply with SEC standards. 

RRD ransomware attack overview 

RRD is a publicly listed international provider of marketing and corporate communication services. The organisation used a third-party managed security services provider (MSSP) to safeguard and monitor its infrastructure. In late November 2021, RRD's intrusion prevention systems identified odd behaviour and sent notifications to both RRD and its MSSP. After assessing these signals, the MSSP opted to escalate three issues to RRD's security personnel.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
