NCSC CEO Lindy Cameron has warned UK businesses that ransomware “is the most immediate cyber threat” they face.
During a speech at Chatham House’s cyber conference, Cameron made the remarks, marking one year since she was appointed head of the UK government agency. She cited numerous examples of the real-world damage caused by ransomware attacks in the past year. This includes the attack on Ireland’s Health Service Executive, which led to “months of disrupted appointments and services” and the disruption to vital services at Hackney Borough Council in the UK due to its IT systems being forced offline for months. In addition, she highlighted the notorious attack on Colonial Pipeline in the US, leading to significant fuel shortages across the East Coast.
These examples show why ransomware is the most immediate threat to UK businesses and most other organizations, “from FTSE 100 companies to schools; from national infrastructure to local councils.”
It is the latest in several warnings made by Cameron about the recent threat of ransomware.
Cameron said many organizations “have no incident response plans, or ever test their cyber defenses.”
This needs to change, with the NCSC expecting ransomware attacks to continue growing for the foreseeable future. This issue is exacerbated by increasingly sophisticated methods being employed by some groups, such as multi-extortion attacks, which in addition to closing down an organization’s systems and data, the attackers threaten to publish exfiltrated data on the dark web.
Unfortunately, “we expect ransomware will continue to be an attractive route for criminals as long as organizations remain vulnerable and continue to pay,” continued Cameron, who warned that “paying ransoms emboldens these criminal groups – and it also does not guarantee your data will be returned intact, or indeed returned at all.”
“Paying ransoms emboldens these criminal groups – and it also does not guarantee your data will be returned intact, or indeed returned at all”
She acknowledged the role of governments in tackling ransomware gangs, but noted how challenging it is for law enforcement is in this area due to criminals being able to operate “beyond our borders.” Therefore, organizations need to do much more to enhance their cybersecurity and incident response measures. “Do you know what you would do if it happened to you? Have you rehearsed this? Have you taken steps to ensure your systems are the hardest target in your market or sector to compromise? And if you’d even contemplate paying a ransom, are you comfortable that you are investing enough to stop that conversation ever happening in the first place?” Cameron asked.
In the speech, Cameron also pointed the finger at the Russian state’s “cyber aggression,” and for harboring ransomware gangs. “In addition to the direct cyber security threats that the Russian state poses, we – along with the NCA – assess that cyber-criminals based in Russia and neighboring countries are responsible for most of the devastating ransomware attacks against UK targets,” she outlined.
Commenting on Cameron’s words, Chris Ross, SVP, International, Barracuda Networks comments: “It’s right for the NCSC to identify ransomware as the biggest threat facing UK business, these attacks have the potential to completely paralyze any organization, hijacking critical data and forcing many to handover large sums of money to break free.
“The days of businesses hoping for the best and assuming they won’t fall victim to a ransomware attack are well and truly over, and urgent action needs to be taken to prevent such threats and ensure the necessary backup support is in place to protect compromised data.”
Torsten George, cybersecurity evangelist, Absolute Software, said: “Ransomware is without doubt the biggest threat facing UK businesses and remains a frighteningly effective tool for leaving organisations of all sizes completely at the mercy of cyber-criminals. The risks have dramatically increased with the rise of remote working, with millions of people mixing home and work devices to answer emails and share company data, making it easier for employees to fall victim to scam emails which contain hostile threats.”
During Cameron’s address, she also discussed the threat posed by China in the digital space and the growing danger of supply chain attacks.