Staying informed about cyber security and cyber threats has never been more important.
Every day our personal lives and the organisations we work for are becoming increasingly digitised. The pandemic has accelerated the move to working remotely: employees are out of the office, and online interactions have never been more important for businesses.
Cyber criminals are using this to their advantage. It’s estimated that between May and June 2020, the UK experienced a 31% increase in cyber crime.
In our second instalment of the Cyber Security from the Inside Out blog series, we begin to focus on breaking down key cyber topics to make it easier for your people to understand and protect themselves against threats.
Today we are focusing on ransomware, specifically what it is, sharing some well-documented examples, and some advice about staying safe.
What is ransomware?
Ransomware is a type of malicious software which, upon infecting your computer, encrypts your files and disables your access to them, or locks you out of your device altogether. As the name would suggest, the malware then demands a ransom to be paid, usually in the form of an untraceable cryptocurrency, for your files to be returned or to regain access to your device.
There are many ways in which ransomware can spread. Here are a few of the most common techniques employed by cyber criminals:
Malicious email attachments or URL’s.
Vulnerabilities in software.
Drive-by downloads (where consent or activation from the user is not needed for malware to infect your device).
Self-propagation (when malware spreads from one device to another within a network).
Ransomware in the news
Ransomware is causing problems for businesses of all shapes and sizes, and big IT budgets are not always the answer in preventing these kinds of attacks. A report by Sophos shows that 48% of surveyed UK organisations were victims of ransomware in 2020.
NHS
In May 2017 the WannaCry crypto worm infected Windows-running computers all over the world, demanding $300 in Bitcoin per device to release encrypted user files. This included thousands of NHS computers, causing major disruption to a number of NHS trusts. Patient files were rendered inaccessible, putting lives at risk. It is estimated that 6,900 appointments were cancelled due to the attack.
University of California
The School of Medicine at the University of California became the target of a Netwalker ransomware cyber attack in June 2020. The higher education organisation paid a huge $1.14 million to the cyber criminals to regain access to its files, negotiating this down from $3 million.
The institution was targeted by ransomware again in April 2021. This time the breach involved a vulnerable third-party file transfer software. Screenshots of personal information were obtained by the cyber criminals.
Harris Federation
The educational institution, which runs close to 50 primary and secondary schools in the London area, was attacked by ransomware in March 2021. As a precaution the trust was forced to shut down its IT services. Telephone and email systems were temporarily disabled, meaning that around 37,000 students could not access their email accounts.
Colonial Pipeline
The Colonial fuel pipeline, which runs from Texas to New Jersey, was targeted by a cyber criminal gang in May 2021. The pipeline is the biggest supplier of fuel to the United States’ east coast. The disruption was huge.
To avoid a shortage of fuel, emergency legislation was even put in place in 18 states to relax the rules on transport of petroleum products by road.
Keeping your organisation safe
Statistics show that 9 out of 10 cyber security incidents are caused by human error. It’s easy to see how this can be the case when further research reveals that less than a third of UK employees have had cyber training in the past year.
It’s crucial that we all think beyond firewalls, antivirus software, and local backups when it comes to staying cyber safe. While these measures are vital, human behaviour is also of significant importance.
In order to truly protect your organisation you have to keep your team engaged with cyber safety and knowledgeable about cyber threats.
Keeping your people safe
There is a lot you can do to keep your people safe from cyber crime. The key, as outlined by Kelvin Murray, Senior Threat Research Analyst at Webroot, is that it’s not just about one initiative or campaign, but a sustained programme of awareness raising combined with the appropriate technology:
‘Security awareness training should be implemented for staff [and students] from day one, ensuring that they are vigilant in scrutinising the types of emails they receive. This should be underpinned by cybersecurity technology such as email filtering, anti-virus protection, and sensible password policies.’
Let us do the work
Our cyber safety communications and behaviour change programme, CyberSafe, contains everything your people need to know to keep themselves and your organisation safe online. It follows science-backed change management and behaviour change methodologies, proven to support long-term behaviour change.
Getting your people on board and engaged with cyber safety is key to keeping your cyber security high, and your cyber security investments worthwhile. What are you waiting for?
Feeling stuck or need help bringing your communications ideas to life? Curious about what CyberSafe could do for your organisation? Send us an email hello@insideoutconsulting.co.uk or visit our website insideoutconsulting.co.uk.