According to the UK's National Cyber Security Centre, ransomware now represents the most immediate danger to the country’s national security.
Ransomware attacks have grown enormously during the Covid period, with estimates that North America has seen a growth of around 160% between 2019 and 2020. The severity of this crisis was illustrated by Lindy Cameron, the head of the UK's National Cyber Security Centre, who told at a recent event that ransomware represents the most immediate danger to UK national security.
"These comments should serve as a stern warning to all companies around the world," says Chris Harris, Europe, the Middle East, and Africa (EMEA) technical director at Thales UK. "As we have seen by the increase in attacks this year and diversity of victims – from SolarWinds to Ireland’s Health Service, Hackney Council, and the Colonial pipeline – no one is immune to a hacking attack and the impacts can be devastating."
Cameron said that cybercriminals are currently viewing ransomware as an extremely attractive source of criminal activity because organizations are not doing enough to protect themselves. Couple this with the growing willingness to either pay the ransom or use dedicated cybersecurity insurance to do so, and it has become an extremely attractive time for criminals to operate in.
Cameron's comments came at Chatham House’s Cyber 2021 Conference, and while the UK has not suffered the same level of high-profile attacks as seen in the United States, the threat is sufficient for her to rank ransomware as the most immediate danger the country faces.
Underestimating the threat
Cameron felt that her stark warning was justified as many organizations are failing to adequately plan, either for securing their systems in the first place or successfully responding to any attacks that do take place. This is often due to a combination of overconfidence in their systems and a lack of understanding about the nature of the threat they face.
“One of the biggest misconceptions around ransomware is that hackers are only after a quick payday and the only real damage done is to a company’s reputation,” Harris continues.
“The reality is that hackers have the ability not just to take files but impact the running of an entire organization – from taking down payroll to compromising critical national infrastructure which can have a detrimental effect on the public. In the worst cases, ransomware can also present a real physical threat to individuals’ lives, for example when hospitals are attacked and patients are put at risk.”
Cameron believes ransomware will continue to be a highly attractive means of attack for cybercriminals so long as the lack of preparedness within organizations continues, especially if this is accompanied by the high willingness to pay that exists today.
This easy retort to cyber insurance to pay the criminal's demands is not something she recommends as an optimum strategy, however.
Indeed, Cameron urges organizations not to pay for fear of emboldening criminal groups still further.
“All businesses must wake up to the wide-ranging risk of ransomware attacks and enact the right security and backup controls to ensure their entire company and its customers don’t become victims of a potential attack,” Harris tells me. “This means understanding where data is held and protecting it at its core with encryption measures that only those authorized can access.”
While the pandemic has provided a perfect storm for cybercriminals to exploit, Cameron believes it has shown the rich seam that ransomware presents, so she expects no let-up in attacks even as the pandemic eases. This is especially so as she believes there is growing interest in ransomware from state-backed groups who are using such attacks to gain vital information or simply to disrupt the operations of a rival.
One of the most pernicious approaches is to use cybercrime as a means of undermining trust in government.
This was certainly evident during the pandemic, where trust was so important to garner support for lockdown measures, vaccination plans, or other Covid-related strategies. Indeed, Cameron argues that criminal groups are regularly using Covid-themed attacks to scam the public.
Of these state-backed actors, she believes that both China and Russia are the biggest threat, although North Korea and Iran should not be discounted. Despite this growing threat, however, she still believes that the biggest threat most organizations will face is from traditional cybercriminals rather than state-backed groups.
Cameron hopes that by raising awareness of the threat posed by ransomware that organizations will begin to take things seriously, both in terms of investing in the cyber skills of their workforce and in the systems and processes to keep things safe.
Optimistically, the latest Digital Defenses Report from Microsoft illustrates that most cybercrime can be prevented by implementing fairly straightforward digital hygiene, such as multi-factor authentication, and ensuring digital devices are fully patched and kept up to date.
While these measures have obvious implications for organizations, Cameron reminds us that they are also increasingly taking on great importance in terms of a country’s national security. Hopefully, that call to arms will encourage more to take the matter seriously.