Ransomware is just the start of the cyber challenge facing UK businesses in 2022

The National Cybersecurity Centre’s (NCSC) latest report of a ‘hacking epidemic’ in the UK is a stark confirmation of what’s been ramping up over the last two years. Ransomware is just the face of a larger cybersecurity challenge the UK is now facing. The fact is cybersecurity must now be a core element of an organisation’s planning and operations, and they must be doing everything possible to protect themselves from all types of threats. Those that prepare now will be in a much better position to combat an increasingly complicated threat landscape.


This is a contributed article by Ian McShane, Field CTO, Arctic Wolf.

Whether you’re the in-house industry expert or a key decision maker in a leading UK business, there seems to be only one word dominating the mainstream cybersecurity agenda for everyone right now, and that’s ransomware.

It’s understandable, too: the UK’s National Cybersecurity Centre’s (NCSC) latest report of a country-wide ‘hacking epidemic’ is just a stark confirmation of what’s been ramping up over the last six months. A greater frequency in attacks - doubling in the past year according to GCHQ - coupled with a particular surge in ransom demands from criminal hackers, means ransomware is the established threat the UK government is finally waking up to, as businesses face more sustained threats to their operations and reputation.

Even insurance companies, which had long underwritten significant cybersecurity policies without really digging into the shifting (and expanding) threat landscape, are quickly growing weary of providing coverage to businesses. A recent report by Reuters shows a 50% reduction in cyber coverage while ransomware payment demands surge in frequency and in size. The result is major losses for insurers, and rising costs for businesses that may no longer even be eligible for protection to begin with.

While the surge in attacks is undoubtedly a grave concern, the other alarming trend is a lack of preparation and forward planning, with many businesses struggling to put sufficient measures in place to defend themselves against these attacks. Our research has found that nearly half of UK executives are willing to pay at least a five-figure ransom just to deal with the problem and resume their business operations, while a fifth, incredibly, have knowingly concealed a cyberattack to preserve their company’s reputation. And if the cyber insurance backstop is drying up, the stakes are only getting higher.

Lindy Cameron, CEO of the NCSC, has urged UK businesses ‘not to pay’ a ransom in the interests of collectively keeping the UK safe. While acknowledging commercial pressures are at play here, there is definitely some logical sense to this. Businesses need to start fighting fire with fire, and flex their cybersecurity confidence in times of adversity. This will not only break them out of a vicious circle of being at the mercy of bad actors; they will also benefit from a healthier bank balance and reduced downtime. At the same time, calls to not pay ransoms have the potential to cripple a lot of businesses, illustrating just how complicated and complex the cyber threat landscape has become.

If we’re struggling to cope with ransomware attacks now, what about the other emerging cybersecurity threats that will inevitably land on our doorsteps? While its low barrier to entry and obvious financial gain mean it is here to stay, the basic tactics of ransomware groups are ultimately just the start of a much larger cybersecurity challenge UK businesses are now facing as we head into 2022 - and I’ll explain why.

One discussion currently being significantly overlooked is the ever-more complex and evolving threat landscape that businesses will need to prepare for heading into next year, as the array of emerging and vexing tactics continues to grow. The cybersecurity incident involving the Amazon-owned streaming platform Twitch earlier this year, where bad actors exercised extortion instead of ransom demands, is just one serious and significant example of how adversaries are moving the goalposts to improve the chances of getting paid. With governments starting to add laws and legislation, and advising organisations not to make payments, criminals are now finding new ways to wreak havoc in mature, well-resourced systems without needing to lock them up with ransomware, potentially keeping more of these types of incidents out of the spotlight. It’s a signal that the calculus for businesses in times of crisis is becoming exponentially more complex when a threat actor’s objective is extortion and chaos instead of a straightforward lockup of data and demand for a ransom payout.

Ultimately, ransomware now has to be viewed as the UK’s smoking gun for a bigger cybersecurity challenge that we must start addressing seriously, and urgently. Reactive, preventive measures won’t be enough; businesses need to prioritise their security operations and technologies by putting in place more robust response plans to protect themselves from all types of attacks. When the inevitable happens, it’s crucial that a company’s response is battle-tested to minimise the impact on its operations.

A positive step that organisations can take is to recognise they don't have a cybersecurity tools problem, but an operational one. Businesses should focus on eliminating alert fatigue using modern threat detection and response technology that gives their security teams the ability to embrace a “quality not quantity” approach to their day-to-day investigations, while also implementing more tailored risk management processes and equipping their non-security colleagues with the knowledge they need to spot attacks. These multiplier forces will have a positive effect on an organisation’s overall security posture, enabling staff to build strategic initiatives and key cybersecurity priorities while also reducing the risk of any type of attack to begin with.

The ransomware and ‘hacking epidemic’ in the UK is just the beginning of a new era for cybersecurity. It's an unfair fight that seems to always grant the advantage to nefarious threat actors, leaving a trail of real impact on UK businesses and consumers. However, if those businesses prepare now, prioritise their security operations and make better use of the tools and investments they already have, they will be in a much better position to combat a minefield that is progressively becoming more complicated, earning back the advantage in a very unfair and uneven fight.

Ian McShane has over 20 years’ experience in cybersecurity and operational IT. As a former Gartner analyst, he has advised the largest and fastest growing technology companies in the world as well as tens of thousands of organisations world-wide. McShane is well known as a trusted advisor and popular commentator in our industry, and prior to joining Arctic Wolf he has spent time at Symantec, Gartner, Endgame, Elastic, and CrowdStrike.