Ransomware attacks remain the most acute threat to organisations

Ransomware attacks continue to be the most dominant threat to UK organisations and are having catastrophic consequences on critical national infrastructure

The National Cyber Security Centre (NCSC), part of GCHQ, recently released its annual review reflecting on the challenges and milestones across the cybersecurity industry. In the last year, attack vectors have evolved significantly, with cyber-related fraud incidents reaching up to 2.7 million, resulting in nation-states and non-state actors expanding their cyber capabilities. Amongst these findings, protection against ransomware attacks was identified as a business priority.

Ransomware attacks continue to be the most dominant threat to UK organisations and are having catastrophic consequences for critical national infrastructure (CNI) and other vital services.

As many as 39% of businesses in the UK reported that they had fallen victim to a cyberattack in the last year, with 20% of them facing consequences such as a loss of money or data.

While many cyberattacks leave businesses unscathed, 18 ransomware incidents elicited a national-level response or government intervention. The more worrying attacks involved vital services, including a supplier to NHS 111, which disrupted the provision of urgent medical advice, and the South Staffordshire Water utility company.

WannaCry: the ransomware legacy

It has been 5 years since the WannaCry attack triggered worldwide disruption amongst banks and healthcare institutions by targeting computers operating on Microsoft Windows in 2017, firmly establishing ransomware as an attack vector to watch. Soon after, many organisations educated themselves and adopted appropriate mitigation methods.

However, despite business leaders’ greatest efforts, ransomware continues to be an acute threat, and newer strains continue to emerge. In fact, cyber extortionists have only adapted and developed more complex ransomware attack methodologies to ensure they can fully monetise their activities and cause maximum disruption.

Given increased geopolitical tensions and a rise in cyber warfare, international leaders and governments have acknowledged this threat at a global scale and the risk it poses to crucial services. Earlier this year, the European Commission proposed new rules to ensure greater consistency and efficiency in cyber and information security measures across EU institutions, bodies, offices and agencies.

In fact, just recently, the White House hosted its global ransomware summit, which brought three dozen nations, the EU, and private businesses together to discuss the threat landscape and this evolving threat vector. Leaders concluded that they need to prioritise enhancing system resilience and developing plans to stop ransomware actors in their tracks.

The evolving threat landscape: a broader ransomware attack surface

The pandemic forced businesses to adopt flexible working models and more technology than ever before. This has led to increased cloud-based delivery models or multi-cloud environments and increased remote and hybrid capabilities. Ultimately, this presents a new host of devices and systems at companies’ disposal, which, in turn, is accompanied by an increase in risk and exposure with a broader attack surface.

As threats continue to evolve and grow more sophisticated, companies need to review their line of defence and mitigation plans accordingly. CISOs and business leaders must start by implementing a multi-layered security strategy.

This involves far more than regular software updates and bug fixes – that is just basic security etiquette. Security teams should really be conducting regular vulnerability and penetration tests and ensuring that all data is stored on backup systems to mitigate or limit the damage posed by ransomware and other extortion threats.

A multi-layered defence strategy involves reviewing system-level security, that is, your last line of defence, as well as network-level security, such as restricting network access and control to operating systems, before finally reviewing both application and transmission level security to minimise exposure and protect communications within and across your company networks.

DevSecOps – a business priority for 2023

Early threat detection is becoming more and more crucial. In Neustar International Security Council’s (NISC) latest survey, 75% of organisations identified ransomware as an increasing threat, with 72% reporting that DDoS attacks, targeted hacking and social engineering via email were also on the rise. With attacks growing in sophistication and severity, over half (51%) of all organisations favoured government intervention in forcing companies to implement tighter security measures.

NISC also found that 93% of organisations class DevSecOps as a business ‘priority’ for next year, with 86% agreeing that the urgency to prioritise DevSecOps within their businesses has increased over the past 12 months.

DevSecOps is an important strategy that includes automated security at every phase of software development. It includes making application and infrastructure security a shared responsibility among development, security, and IT teams, which helps organisations detect vulnerabilities early and enables them to respond to and fix problems faster should they occur. Ultimately, DevSecOps is integral to cybersecurity and proves crucial in preventing cyber challenges.

The GCHQ report highlighted the main cyber challenges in the cybersecurity industry with ransomware being at the front line. It continues to be a prominent threat to businesses at a national level. Moving forward, governments and organisations should make a collective effort to address this issue and prioritise early detection as well as the implementation of DevSecOps into their mitigation and protection strategies.

This piece was written and provided by Michael Smith, field CTO, Neustar Security Services.
