Linedata’s Icon was targeted in a cyber attack on 11th August, 2025. The attack has resulted in reported outages of Icon while the investigation and recovery process are in progress. Their official statement is available here.
The attack highlights that firms should always remain vigilant to an often-quoted phrase, “It’s a matter of when you’ll be attacked, not if”. Such an incident involving a third-party service provider brings about additional planning challenges too as critical or important business functions may have been assigned out, causing operational difficulties during an outage.
What is Ransomware?
Ransomware is malicious software that typically starts on a User’s device like their PC or Laptop and encrypts shared data on a server used by the firm. Ransomware causes major business disruption in that it prevents employees from accessing important files, while being highly visible to users.
Malicious actors will ask for payment to decrypt and restore the data, but there is no guarantee that data will be restored and paying ransoms is strongly discouraged by cybersecurity professionals and law enforcement.
Unfortunately, ransomware is commonly introduced via user actions. Traditionally victims will have interacted with a malicious link or attachment in an email, however increasing numbers are via social engineering. We’re seeing more attacks begin by stolen credentials obtained via a phone call or email.
What should we do?
User training is critical to ensure all staff can identify malicious emails, texts, and social engineering tactics employed by attackers. An employee’s ability to identify and report potentially malicious activity is critical to the cybersecurity ecosystem of a firm. They are the last line of defense.
Ransomware Risk via Third-Party Vendors
Ransomware incidents at key third-party services can leave your firm feeling helpless. Not only are you at risk of your data being released publicly but you are at the mercy of the Vendor to restore your services.
The dangers of outsourcing critical services and the preventative measures taken are often called “operational resiliency”. There are several steps to undertake which mitigate your cyber risks:
- Perform vendor risk assessments at least annually, or more frequently for vendors who store and/or process critical data for your business. These assessments should identify potential risks in the areas outlined above.
- Maintain business impact assessments of critical vendors. BIAs should outline the types of data a vendor stores/processes, impact of an outage with that specific vendor, how long your business could tolerate such an outage, and what operational resiliency plans are in place should that vendor no longer be serviceable due to an incident.
- Part of operational resiliency should also include an assessment of the concentration risk of the Vendor within the firm, your funds and the market in general. Evaluate the impact a vendor outage could have on your firm and the industry. It may also provide insight into the priority of your firm against the client base of the Vendor.
- Discuss business impact assessments with senior leadership at least quarterly to ensure visibility of these risks at an executive level.
How can Drawbridge help?
Drawbridge can manage your vendor risk assessments as well as provide operational resiliency planning via our business continuity planning. In all cases, our team of experts are ready to provide bespoke advice to your requirements. Get in contact with us today and learn how Drawbridge can strengthen your operational resilience!
