Some of the biggest names in global cyber security have come together in Gloucestershire at a recent event hosted by cyber security company Core to Cloud to address the ever-growing threat of ransomware to local and national businesses.
Cyber specialists from international organisations Cybereason, Cylera, Vectra, Stealthbits, now part of Netwrix, and Pentera joined Core to Cloud at their Cirencester offices to exchange intelligence and advice.
The theatre was packed with business owners, cyber students and ransomware specialists all keen to discover ways on how to combat the malicious malware which caused losses of over £353,000 in the South West between 1 June 2020 to 1 June 2021 through 190 reported extortion threats, according to National Fraud Intelligence Bureau reports.
“Ransomware attacks have surged in 2021 and ransom demands are increasing rapidly,” said Adrian Culley, senior sales engineer at Cybereason.
“It’s possible for organisations to defend against ransomware from the earliest stages of an attack. However, this cannot be achieved using legacy technologies that rely on threat intelligence derived from commodity or other ‘known’ attacks.
“The key to ending ransomware attacks is to minimise the period between the moment when a RansomOps attack first infiltrates an environment and the moment when the security team can detect and end it. Therefore, deploy an extended detection and response product on all of your endpoints,” added Culley.
Attacks are reported to be up 900 per cent compared to last year, with Tesco, the Labour Party members’ data, and the luxury jewellery firm Graff among the list of most recent victims.
Mark Liddle, co-founder of Core to Cloud, said: “The ransomware industry costs UK businesses a total of £346 million a year, with the average cost of cyber-attacks on British business at £4,180.
“With the growth of the Internet of Things and the Internet of Medical Things organisations across all sectors are ever more vulnerable to attacks through connected devices, and the healthcare sector is among those at greatest risk.
“So, to help the industry stay on top of the threats, every three months we’re hosting ransomware forums – one for commercial businesses and another specifically for the NHS and wider healthcare sector.
“The forums will bring together the best brains in cyber security and specialists in healthcare security like Cylera, to work as a combined force and knowledge share and stay one step ahead of cyber-criminal gangs.”
David Lomax at Vectra and Shakel Ahmed from Pentera said: “You can never be 100 per cent protected against any cyber threat. The key is to have clear visibility of your network at all times via a detect and visibility platform, continuously validate the security of your entire attack surface, and constantly test, test, test like you’ve already been attacked, so any vulnerabilities are immediately flagged and shut down.”
“Should malware get in, then their dwell time can be anywhere from three months to two years before they take control of your systems,” added Adrian Culley of Cybereason, “so security that also detects, contains and ‘kicks the hacker out’ of your network is important.”
But should you pay up if faced with a ransomware demand? A unanimous ‘no’ from the cyber expert panel as organisations that pay up are at greater risk of being ‘hit’ again.
“Whether to pay the large ransom fee or not is an almost impossible decision for any organisation that can’t operate without their data as well as the fear of a hefty GDPR fine if public data is exposed.
“It’s one that can make or break a business either way but if you pay once, then data shows that cyber criminals will come back for more. Furthermore, less than 10 per cent of businesses get all of their data back,” added Mark Liddle.
The four-point plan to future-proofing your organisation against ransomware:
- Visibility – have a holistic view of your network at all times to uncover any hidden threats and to have a clear picture on what needs protecting and against what.
- Validation – as cyber-attacks become more sophisticated penetration and stress test your IT environment constantly, mimicking an attack so you know that your cybersecurity controls are functioning properly should a threat occur.
- Governance and Control – implement clear governance and control measures so the entire organisation is consistent on its cyber strategy around how you detect, prevent and respond to cyber incidents.
- Incident response – the reality is that sometimes attacks and breaches slip through the cracks, no matter how strong your cybersecurity posture is, so have an organised approach to manage the aftermath with minimal disruption, damage and costs to the organisation.