The head of the NCSC (National Cyber Security Centre) has warned that “most of the devastating ransomware attacks against UK targets” originated in Russia and that not enough organisations in the UK are adequately prepared to deal with the threat.
Addressing the Chatham House Cyber 2021 conference to mark her first year as the NCSC’s CEO, Lindy Cameron considered four themes affecting cyber security today: “the ongoing impact of the pandemic; the ongoing threat posed by ransomware; the growth of supply chain attacks, and the strategic technological challenges we face”.
Of these, she called ransomware “the most immediate danger to the UK, UK businesses and most other organisations – from FTSE 100 companies, to schools; from critical national infrastructure to local councils”.
Incident response plans
The reason ransomware is so dangerous, Cameron said, is that too few organisations have incident response plans or test their cyber defences. Moreover, the threat is exacerbated because it is challenging to police it and the attackers’ methodology is “evolving as they seek more effective ways to make money” by threatening to publish exfiltrated data online.
And as long as organisations are willing to pay ransoms, criminals will be motivated to continue carrying out ransomware attacks.
Although the NCSC is “redoubling” its efforts to tackle ransomware, Cameron was clear that victims could also take action: “responsibility for understanding cyber security risks does not start and end with the IT department. Chief executives and boards also have a crucial role – and we have advice for them too. I don’t think any chief exec would get away with saying they don’t need to understand legal risk because they have a General Counsel. I think the same should be true of cyber risk. This is a board-level issue.”
Preparing for and responding to ransomware attacks
Boards that need help preparing for and responding to ransomware and other cyber attacks should look to our cyber incident response management services for all the support they need.
Cyber Incident Response – Emergency Support
If you suffer a cyber security incident, we can support you by:
- Reviewing the evidence of the incident to determine its nature and extent;
- Advising on communications both internally and externally, including to authorities, the media and suppliers;
- Advising on the measures necessary to contain the incident, limiting its spread and reducing the harm;
- Directing the available resources to manage your recovery activities, using those resources to recover from the incident as quickly and effectively as possible;
- Providing key information about the incident and the response to management and staff involved in response activities, and about what your organisation can learn from the incident;
- Gathering and preserving critical information about the incident, which can be passed to authorities and used to prevent future incidents;
- Showing you how to proceed following the incident, including what to prioritise, which resources need to be allocated to resolve the issue, and which internal and external parties need to be notified; and
- Reviewing your incident response procedures following the incident to highlight improvements and inform your planning. This is where our consultancy services can help you avoid incidents and ensure you are appropriately prepared should you be breached again.
The Cyber Incident Response – Emergency Support service is based on a combination of the best-practice cyber incident response framework developed by CREST and the international standard on incident management, ISO/IEC 27035.