Creating a cyber-savvy workforce that takes information security seriously, while nurturing a culture of trust, will help to eliminate poor security practices as well as diminish the number and scale of incidents

Steve Durbin, Managing Director of the ISF

Carnival Corporation has disclosed that an Aug. 15 ransomware attack accessed the personal data of guests and employees of Carnival Cruise Line, Holland America Line and Seabourn. However, Carnival said there is a “a low likelihood of the data being misused.”

The group said: “While the investigation is ongoing, early indications are that in early August the unauthorized third party gained access to certain personal information relating to some guests, employees and crew for three of the corporation’s brands – Carnival Cruise Line, Holland America Line and Seabourn, as well as casino operations.”

“While how the third party gained unauthorized access has not been disclosed, this is yet another example of the importance of proper investment in cybersecurity programs to protect company and customer data,” says Terence Jackson, Chief Information Security Officer at Thycotic. “Attackers are not taking it easy during the pandemic. They are stepping the attacks up and we have to be ready.”

Steve Durbin, Managing Director of the Information Security Forum, notes that organizations should rethink their defensive model, particularly business continuity and disaster recovery plans to protect against the scale and scope of these types of threats. “Established plans that depend on employees being able to work from home, for example, do not stand up to an attack that removes connectivity or personally targets individuals as a means of dropping ransomware into the corporate infrastructure. Revised plans should cover threats to periods of operational downtime caused by attacks. Creating a cyber-savvy workforce that takes information security seriously, while nurturing a culture of trust, will help to eliminate poor security practices as well as diminish the number and scale of incidents,” Durbin says.