…

Ransomware - what it means to your business and the steps you need to take to protect yourself

Ransomware is on the rise. A form of cyber crime estimated to cost the UK £346m per year, there were over 14.6m attacks of this kind – only the US suffered more attacks.1

According to official government statistics, it affects all types of organisations - four in 10 businesses (39%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months alone.2

What is ransomware?

A type of malware from crypto virology, ransomware sees cyber criminals access your business data and then threaten to publish it or block access unless a ransom is paid.

These types of attacks can have a huge impact on organisations and individuals, needing large amounts of money and time to react, respond and recover.

And they are becoming more and more frequent and sophisticated. The National Cyber Security Centre (NCSC) believes that ransomware will remain a major threat to the UK for the next few years, so businesses of all sizes need to be aware of the risks and how to react.

The evolution of ransomware

Phishing emails, fake ads, fake sites and fake texts are all used by criminals to tempt or trick the victims to download malware. These have increased during the Covid-19 pandemic as test and trace, travel rules, vaccination news and school closures have all been harnessed as subjects of interest more likely to trick the recipient.Behind the scenes, sophisticated and highly skilled back-end developers are constantly creating new variants to evade anti-virus software.

Business blocking

Without access to data, businesses simply cannot operate, which could cost millions of pounds. Recovering the data can take time: Intermedia Research claims that almost 75% of companies infected with ransomware suffer at least two days without access to their own files. Just under a third go up to five days without access. 3

Reputation risk

Customer data or sensitive client information being leaked can have huge repercussions for businesses. Even if this eventuality doesn’t take place, the fact that a business has been breached and threatened in this way is not good PR and can be very detrimental to a company’s reputation and share price.

Prevention and protection

Most business leaders are not cyber security experts, but actions can be taken. Knowing the basics of how ransomware works can at least mean that the organisation is prepared.

The police and government agencies are in agreement that paying any ransom is not the best approach - according to Acronis, over half of the victims who pay do not successfully recover all their files. 4

Cyber security and ransomware should always be on the business agenda, and several steps can be taken to prevent it best. The NCSC provides a free Early Warning Service, highlighting any vulnerabilities in your systems or flagging early signs of cyber attacks on your network.

Strong network and security measures remain top of the list in preventing an attack and segmenting networks that stop the spread of an attack. Keeping all anti-malware software up to date and having a rigorous backup system in place is essential – routine, frequent backup is your best bet.

As we all embrace home and hybrid working, cyber security and the threat of ransomware need to remain a priority for businesses of all sizes. There are now more endpoints for organisations to keep track of and fewer security measures. 

Taking action

Advisable actions that need to be taken include considering some form of cyber insurance to protect against loss of income in the case of an attack. Businesses should also arrange for cyber security risk assessments and audits – as well as train and test staff regularly. In addition, thorough assessments of suppliers’ security measures are also recommended. 

The ongoing threat of ransomware is likely to remain for some time. Therefore, it is vital to be prepared and protected as much as possible.

Sources:

1) digit.fyi/uk-ransomware-attacks-surge-dramatically-in-2021

2) gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021

3) intermedia.com/blog/ransomware-and-malware-threats-the-state-of-cybersecurity

4) acronis.com/en-gb/articles/ransomware-attacks

 
Tags
Defence in a new digital landscape

The reliance your business has on technology and digital processes will undoubtedly have grown. In parallel, the risks faced by businesses relying on digital technology and data have also increased. Visit our UK Risk Hub to learn more.