The United Kingdom’s National Cyber Security Centre (NCSC-UK), has said ransomware is the biggest cyber threat facing the UK right now. More worryingly, the Cyber Advisory, released by the US, UK and Australian Governments, have highlighted a shift in targets – from big ticket to mid-market.
Eyes on the prize
The frequency of successful ransomware attacks is growing. At the same time, ransoms are getting bigger. Just last year, CNA Financial, one of the largest insurers in America, reportedly paid hackers $40 million to regain control of its network. It is believed to be one of the biggest ransomware pay-outs to date.
This may not come as a surprise. After all, financial services have long been a lucrative target for adversaries. As a provider of essential services with a treasure trove of sensitive information, any disruption could be devastating to their business and customers.
Now regulators are putting financial institutions on standby for retaliatory cyber-attacks should stricter financial sanctions be imposed on Russia as the crisis with Ukraine escalates. Any disruption from ransomware could bring services to a standstill and prove as harmful as state-sponsored espionage.
The mid-market threats
However, it’s not just financial firms that need to be on a heightened state of alert. The joint cyber advisory issued by the UK, US, and Australia points to new trends. Charities, the legal profession, education, local government, and health sectors, are all under attack.
The systemic shift from “big-game” towards mid-sized victims has been a trend for several years. There are 36,000 mid-size businesses in the UK turning over approximately £650 billion a year. These businesses have fewer resources, expertise and tools to defend against attack. Yet, they still have valuable assets that make them a lucrative target for ransomware attacks.
Levelling the playing field
Organisations in the mid-market must work quickly to establish their cyber defence strategies. The focus for mid-sized organisations must be operating at the same speed as attackers to stop threats wherever they proliferate across the network.
The top three successful ransomware infection vectors – phishing, stolen remote desktop protocols (RDP) credentials and exploiting vulnerabilities – are popular with attackers because of the increased use of remote working. Workers are no longer operating inside a defined and protected perimeter. This has widened the attack vector and given adversaries a chance to find ways in across web, email and cloud.
The Cyber Security Advisory misses the point
Many of the mitigation technologies and techniques mentioned in the Joint Cyber Security Advisory relate to advanced cyber security protection methods – which are too costly and complex for mid-market organisations. Of course, large organisations with 24×7 security operation centres can afford to deploy such methods. But, the shift from ‘big-game’ to ‘mid-sized’ victims, means the advice must be adjusted.
What’s needed is an intelligent platform that can integrate security solutions and autonomously take action to stop attacks at any time. Even at the weekend, when hackers are striking. To get started, we’d recommend you protect your largest attack surface first.
- Protect your emails at all costs: 90% of successful attacks originate in emails
- Integrate your defences: Don’t rely on isolated products: defend against multi-layer attacks
- MFA everywhere: Don’t give attackers an inch. Bolster those passwords with MFA
If you are worried about your attack surface, take our cyber health check to see where you stand.