The CEO of the UK’s National Cyber Security Centre, part of GCHQ, says that the main threat facing UK businesses and consumers is ransomware coming from cyber criminals.
This week Lindy Cameron delivered the Annual Security Lecture to the Royal United Services Institute where she stated that:
For most UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals, and in particular the threat of ransomware.
Ransomware attacks are increasing globally, and this is enabled by the rise of ransomware-as-a-service where criminals sell ‘off the shelf’ ransomware services that can be used by criminals who would otherwise not have the technical ability to succeed.
The NCSC offers advice to boards and business leaders to help them assess their readiness to deal with a ransomware attack:
How would you know?
How would the organisation know that a ransomware attack was underway and would the business leaders be notified promptly? Organisations need both technical controls to spot the attack and staff available to monitor the systems and respond to alerts
How could you minimise the damage?
Steps can be taken to limit and minimise the ability of criminals and ransomware to move around your network. These include strong Identity and Access Management systems to control how user logins are provisioned and managed, and Network Segmentation which prevents a ransomware infection in one part of the network from being able to spread through the whole organisation.
How would you respond?
When the disaster strikes, it’s too late to prepare so create and test a Security Incident Response plan to manage the event.
Ransomware is new and different – are you ready?
Ransomware is a relatively new threat so systems and plans created a few years ago may not give due attention to the risk of ransomware. Review your plans in light of the increased likelihood of a ransomware attack.
Backups are your best defence
Since backups are the best defence against ransomware in most cases – how can you be sure that your backups and the systems that manage them (and the restore operations) are protected against ransomware themselves.