In light of new data revealing UK ransomware attacks have doubled in the past year, Industry leaders reacted below.
While the number of reported cybersecurity breaches in the UK hasn’t increased over the past year, the pandemic has encouraged criminals to embrace digital technologies as part of their strategies. Throughout lockdown, it was difficult for traditional criminals to act due to restrictions such as closed borders, reduced travel and an increased police presence on the streets. In addition, the pandemic drove a massive increase in digital adoption, thus increasing the attack surface and creating more opportunities for attackers. Consequently, for many, cybercrime has become the most accessible, easiest, and most effective means to commit a crime.
Not only this, but we’ve seen a growth in cyberattacks on businesses, as well as critical infrastructures in conflict zones, which has forced government and law enforcement agencies to take action by arresting cybercriminals, confiscating funds and closing active web forums.
However, when it comes to preventing cybersecurity attacks, just having a data protection strategy isn\’t enough. Businesses need an effective cybersecurity assessment and, on this basis, make targeted investments to strengthen prioritised controls. They need to enhance the frequency of monitoring and detection actions as well as ways of rapidly and efficiently dealing with breaches, such as setting up detailed incident response, business continuity and disaster recovery plans. Leaders must educate the C-level and every employee to help them understand the tactics and threats that cybercriminals will present them with on a daily basis. A key component of this is having tabletop exercises so that boards of directors, C-level executives, and employees understand what might happen in a cyber-attack and the steps that they should take.
The continued rise in ransomware attacks is a wake-up call for all sectors – and it’s not going to subside. Our recent research with IDC revealed that 93% of cyberattacks come from financially motivated organised crime actors, with credentials being the most frequent data compromised (44%).
It’s why security must be seen equivalent of liability insurance. You wouldn’t leave your door wide open for someone to walk in, the same must be said with online security. Luckily, a password manager is the simplest tool you can use to help protect yourself. With all passwords secured in an online vault, you can easily access accounts with a mere touch of a button. It sounds so simple, but it really is. It is a basic of online safety and once you get the basics right, you have a solid foundation to build on.
Security starts and ends with employees, but the burden cannot be left on them. The onus is on security teams to be consistently providing information around security awareness best practices to new and current threats. A once-a-year training may check a compliance box but most likely won’t generate a strong security-aware culture – the key is driving consistent communications and real-time learnings helping employees protect themselves as well as the employers .
Ransomware is one of the most serious cybersecurity threats facing UK organizations today. Our recent study found that less than a quarter of board of directors see ransomware as a top priority – organizations must tackle a number of serious threats, not just ransomware, and many just don’t know where to focus their efforts.
As the data from RPC shows, preventing ransomware must become a top concern for organizations, and leadership must focus on building a robust security posture. That includes evaluating overall spend and what’s in the security stack, looking to intelligent technology to tackle sophisticated phishing attacks and other common entry points for malware.
Ransomware is at epidemic levels and there is a disconnect between organisations’ confidence in their levels of preparedness in the face of an attack and what we are seeing on the ground. In fact, our own recent research showed that almost 60% of UK businesses with more than 2,000 employees have experienced a ransomware attack, so it is critical that we elevate this risk within our own organisations.
There are a number of steps that organisations can take to reduce their risk of business impact from ransomware attacks from preventive measures and effective preparation through to detection, disruption, eradication, containment and response. It is critical that we reduce the attack surface, harden our systems, deploy preventive and detective controls, and implement a well thought out incident response plan that extends beyond just the technical requirements. Organisations should be regularly simulating an attack to test the effectiveness of their organisational defences and response plans and adapting and improving before being faced with the real thing.
The wave of ransomware across critical sectors including financial services and education makes clear that cyber criminals have upped the ante—and attacks have gone into stealth mode.
Ransomware has become so effective that many organisations have simply paid ransom, sometimes to the tune of thousands of dollars. To reduce the risk of ransomware, organisations across all sectors must implement multiple security controls. This should be a standard best practice for cyber security and will also reduce the risk of other malicious malware threats.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics