Skip to main content Skip to navigation

Information Security, Risk and Compliance

Information Security awareness blog

Welcome to the Information Security awareness blog, your go-to resource for the latest in cybersecurity awareness. This blog offers practical tips, expert advice, and up-to-date information to help you stay secure in the digital world. Whether you're a member of staff or a student, you'll find valuable content to enhance your cybersecurity knowledge and practices.

Get in touch

If you'd like to submit an article for the blog or suggest discussion topics, please contact us: .

Show all news items

One Weak Password, 700 Jobs Lost: The KNP Cyberattack Wake-Up Call

What Happened?

In the world of cybersecurity, we often say, “You're only as strong as your weakest link.” For KNP, a 158-year-old printing and logistics company in the UK, that weakest link was a single password—and it cost them everything.

What Happened?

KNP fell victim to a ransomware attack that exploited a weak employee password. Once inside, cybercriminals encrypted the company’s systems and demanded a ransom. The attack was so severe that KNP couldn’t recover. The result? 700 employees lost their jobs, and a historic company was forced to shut its doors.

The most chilling part? The employee whose password was compromised still doesn’t know it was theirs. As one of the directors put it:

“Would you want to know if it was you?”

Why This Matters

This wasn’t a sophisticated zero-day exploit or a nation-state attack. It was a basic password vulnerability—something every organisation can and should defend against.

Lessons For Everyone
  1. Passwords are not enough
    Weak or reused passwords are a hacker’s best friend. Ensure you use strong password and password managers to help manage your password more securely.
  2. Enable Multi-Factor Authentication (MFA)
    Even if a password is compromised, MFA can stop attackers in their tracks. Never share them with anyone else.
  3. Completion of Training
    Everyone constitutes a first line of defence. We are as strong as our weakest link. Undertaking regular bite size security awareness training can help us recognise risks and adopt safer behaviours.
  4. Have a recovery plan and let us know when you think something is wrong
    Backups, incident response plans, regular drills and informing IDG or your school IT, can mean the difference between recovery and collapse.
Final Thoughts!

The KNP story is a tragic reminder that cybersecurity is not just an IT issue—it’s a business survival issue. One weak password can bring down an entire company. Don’t let ours be next.

For more details on this real world example, see BBCLink opens in a new window

Mon 21 Jul 2025, 13:01 | Tags: News and updates Case studies

Let us know you agree to cookies

We use cookies to give you the best online experience. Please let us know if you agree to functional, advertising and performance cookies. You can update your cookie preferences at any time.

Cookie policy