Policy Monitor

How to protect your organisation against ransomware threats

The UK National Cyber Security Centre defines ransomware as:

“Ransomware is a type of malware which prevents you from accessing your device and the data stored on it, usually by encrypting your files. A criminal group will then demand a ransom in exchange for decryption. The computer itself may become locked, or the data on it might be encrypted, stolen or deleted. The attackers may also threaten to leak the data they steal.”

Malware Embarrassment – Cyber Attacks Go On and On!

The government report Cyber Security Breaches Survey 2024 makes interesting reading. This survey looks across the economy and suggests that the highest cause of cyber crime is phishing. However, the average cost is reported as relatively small, which seems to underplay the seriousness of the matter. Of the attacks identified, just 6% were ransomware attacks. Yet the impact of a ransomware attack when it hits an organisation can be significant.

There have been a number of high-profile ransomware cyberattacks this year. Criminals are locking organisations out of their vital systems, threatening to share sensitive data, demanding money and even risking lives. The 3rd June 2024 ransomware attack on a supplier of lab services to NHS hospitals is one of the latest attacks. It resulted in operations being cancelled and may take weeks to fix.

In May 2024 the cyber criminal gang RansomHub shut down the website of Christie’s auction house for ten days during an important business period. Christie’s entered into negotiations but ended these without resolution. The business is estimated to have at least half a million high net worth current and former buyers in its databases. A class-action lawsuit has just been filed by one of these customers describing the data breach as “a direct result of [Christie’s] failure to implement adequate and reasonable cyber security procedures and protocols necessary to protect consumers’ personally identifiable information.”

Last October the British Library was attacked, and its systems have still not been restored as it is apparently replacing its entire IT infrastructure.

Attacks are looking for new targets

The attack surface is broadening with the adoption of cloud services, as shown by recent attacks on data transfer technologies such as MOVEit. Generally, the cloud providers are very secure: the reputational damage to a major cloud provider would be huge. However, having all your eggs in a single basket, given the successful take-up of M365, has to be a worry. The damage to organisations such as MOVEit and LastPass (attacked twice last year) is significant.

Connectivity across supply chains continues to be a major factor. Indeed, many of 2024’s high-profile cyberattacks have been caused by criminals accessing an organisation’s data or systems via a less well protected supplier or service provider. The British Library attack succeeded through a new Windows terminal server that had been installed to give third parties access to British Library systems, but without two-factor authentication (TFA) enabled.

The recent data breach at the Ministry of Defence saw UK armed forces’ personal details accessed by hackers through a supplier. The details of 270,000 armed forces personnel were accessed in a cyber espionage operation targeting a contractor responsible for managing the MOD’s payroll system. This raises specific questions about the security of the UK defence sector supply chain, including the procedures used to select vendors and contractors, but does your industry and organisation have similar vulnerabilities?

How can you protect your organisation?

Although some cyber crime is highly targeted, most cyberattacks are opportunistic in nature. Cyber criminals speculatively blast large numbers of organisations and individuals knowing that a few attacks will get through.

Compare this to the petty thief eyeing up all properties on a street in summer and zeroing in on just the houses with wide open windows or piles of mail on the door mat. If a house doesn’t meet the criteria for easy pickings, the thief moves on. Look for your organisation’s ‘open windows’ and the easy steps you can take to increase protection, so that cyber criminals move on to the next target.

Easy steps to increase protection

Salespeople are always trying to sell businesses the “next best thing” because that is the premium product and where the big commissions exist, but that may be the wrong approach for a business.

Instead, look at your organisation for the points of weakness and fix those, for example where security features have not been turned on or the technology is not properly configured or managed. This includes failing to implement two-factor authentication.

Business leaders are not cyber security consultants! How do you check on these things? The UK government, through the National Cyber Security Centre (NCSC), regularly updates its advice and publishes 10 simple steps that will significantly increase your defences. In addition, certifying your organisation to the Cyber Essentials or IASME Assurance national standards will structure and verify your cyber security approach and materially enhance protection.

Cyber Essentials Plus (CE+) certification, which includes an audit, has a modest cost, perhaps as low as £1500 for a micro-SME.

The Malware Embarrassment

Malware is a particularly damaging threat because it may be out in the wild, not targeted at any particular organisation, and it just gets in because of poor practices in that organisation.

An organisation that follows good practices of “all round defence” by following CE guidance should be able to protect itself effectively.

That said, contingency plans are important. If malware does get in, it is much easier and faster to recover if your data is backed up in a store which saves changes. You then have the option to recover to a historic point in time before the attackers gained entrance. Instigating regular data backups is also a great trigger to delete old data that you no longer need.

Organisations running old and unsupported technology which cannot be patched have a much greater problem. Apparently, this has been the problem in the NHS. Organisations in this situation may wish to consider anti-malware products which prevent anything getting into memory or onto disk by integrating into the operating system in a novel manner. These products may incur a greater management overhead because they prevent “anything” getting installed without specific management. This includes Microsoft updates! For most medium and large businesses this is business as normal, because the organisation tightly controls the rollout of all software including Microsoft updates. To help SME customers, some companies include a central management capability to provide the same level of control.

Our Cyber Security Policy Monitor (CSPM) solution is a cost-effective way to help you put the relevant cyber security protections in place and then keep them current. Moreover, we offer advice on how to implement defences against contagion from attacks on suppliers and how to ensure you can recover your data should the worst happen.


References:

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024

https://www.ncsc.gov.uk/ransomware/home

https://www.england.nhs.uk/london/2024/06/04/nhs-london-statement-on-synnovis-ransomware-cyber-attack

https://www.artnews.com/art-news/news/christies-class-action-lawsuit-client-data-cyberattack-ransomhub-1234708936

https://www.ncsc.gov.uk/cyberessentials/resources