Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Ransomware: how UK businesses can curb the threat in response to a rise in figures

November 2022 by Members of Software Development Association of Poland (SoDA)

At a time of mounting economic pressure, latest research reveals UK organisations experience sixth highest number of global ransomware attacks
Latest research published by the European Union Agency for Cybersecurity (ENISA) reveals just how threatening ransomware poses to the UK and its organisations. The UK is the sixth most attacked nation on the global stage when it comes to ransomware.

The current financial pressures surrounding UK businesses and organisations comes during a period of uncertainty as cybercrime continues to cause havoc following its rise in popularity during the pandemic. Dominik Samociuk, Head of Security at Future Processing, member of Software Development Association of Poland (SoDA), believes that UK organisations can take action to protect themselves from future attacks.

Samociuk said: “Ransomware attacks has become a trending topic in recent years, with some believing we are in the ‘golden era’ for cyber criminals. The rapid development of digital currencies and black markets for malware and viruses has helped individuals or groups of attackers to target people, organisations, and institutions more aggressively.

“In the immediate term, utilising either an internal or outsourced security team alongside the IT department, who have autonomy to authorise device and software updates at any time is a must. Furthermore, security teams must have the power to implement a zero-trust policy across all devices as well. Delegating these measures to a dedicated security team is a first step to minimising the risk of unsanctioned and unpatched applications into an organisation’s infrastructure.

“Humans are still the weakest link in cybersecurity, so there is increased investment on employee’s cybersecurity awareness. This helps to reduce the risk of phishing emails, malicious web links, and virus-laden software. End-users remain prime targets though, so maintaining awareness is crucial to protect an organisation’s entire IT ecosystem.”

Sebastian Mil, QA Team Manager, AllSTARSIT explains: “The rapid pace of ransomware innovation and evolution often outpaces that of many companies’ capacity. Preventative methods such as antivirus or malware detection software to protect endpoints are a core part of many businesses approach. Organisations taking the necessary steps must not take their foot off the pedal when it comes to cybersecurity. Always be prepared with the appropriate backup or ‘Plan B’ if initial measures fail to get the job done. Ransomware attack tactics are in constant change, so cybersecurity strategy must also evolve continuously and cautiously.”

Damian Dworakowski, Security Auditor at ProtectHut outlines the solutions on offer to combat the rising threat: “As ransomware has grown in popularity, so has the plethora of security solutions on offer. But the resources needed to operate these solutions can often be out of reach for many businesses and organisations. It requires skilled teams to operate the tools 24/7. Not every company can afford this, and if it has the resources, it does not know how to start implementing a security operation centre department or at least hire competent, dedicated security officers.

“If a business does not have the resources to implement the physical solutions, then employee knowledge will be the next best form of defence. The security knowledge of technical staff is not the only factor affecting security. Unless outsourcing is used, constant care should be taken to improve staff knowledge. Understanding and awareness of digital risks among all employees should always be taken care of. They are the ones who open emails with potentially malicious attachments, run the macro function in documents, provide login details on various more or less trustworthy systems and websites,” concludes Dworakowski.

Samociuk continues: “Employees’ knowledge of phishing recognition, cyber hygiene, user account protection, password construction, and regular refreshing and testing of this knowledge, can significantly reduce the possibility of an attack on our company.”

For UK organisations, Samociuk believes consistency in cybersecurity operations is critical to ensure they withstand the global threat caused by cyber criminals.

“If UK organisations want to climb down the ransomware attack table, then further education and investment is required. Leveraging the latest solutions will be easier for those with deeper pockets, but this does not mean SMEs and those at start-up level should neglect staff with the necessary training of the threat posed by ransomware. At a time when the cost of running a business is so high, falling victim to ransomware right now could be the difference between sinking and swimming in these choppy financial waters,” concluded Samociuk.


See previous articles

    

See next articles