The all-too-regular news coverage of cyber-attacks highlights the damage that can be inflicted on organisations, not only to IT systems and services but also to trust.
The ransomware threat is neither new nor novel. Ransomware is a type of malicious software that infiltrates an endpoint with the purpose of encrypting all the files on it, and then demands a ransom payment to release them back to the rightful owner. The threat traces back to 1989, when it first emerged on floppy disks sent to unsuspecting computer owners. It has gained disproportionate momentum since 2014, along with the rise of cryptocurrencies used across the globe, which enable cybercriminals to anonymously demand payment from anyone.
Ransomware was the most prevalent online threat in 2016, peaking at over 40,000 attacks per day. IBM X-Force researchers tracking spam trends noted that the rise in ransomware spam in 2016 reached an exorbitant 6,000 percent, going from 0.6 percent of spam emails in 2015 to an average of 40 percent of email spam in 2016. The situation only worsened in 2017. The worldwide outbreak in May was unprecedented in scale; however, this type of attack has been affecting organisations for a number of years and is likely only to become more pervasive.
The shift towards financial gain has meant hacking has become a multi-million-pound industry that is run like a multi-national organisation. For a relatively small outlay, a hacker can expect a conservative return that is ten times the outlay. This can only mean that the attacks will become much more frequent, sophisticated and targeted. As the risk and impact of a security breach become more serious, the legal and regulatory landscape will continue to become more stringent, as demonstrated by the upcoming General Data Protection Regulation (GDPR). Therefore, all businesses, regardless of size, need to take Information Security seriously. Information Security is no longer an IT issue but a business issue, where the fines and reputational damage resulting from a security breach could significantly damage a business.
SCC is constantly looking to evolve its offering based on the real threats faced by its customers and recognises the importance of maintaining a healthy and secure IT ecosystem. As such, SCC provides customers with assurances in relation to the services it offers. In response to the well-reported ransomware attacks, SCC took proactive steps to ensure all its customers were aware of the issues and the steps to take to minimise the risk. The company worked with them to protect their IT systems and their data; this included steps customers could take to inform their user base of the threats of social engineering attacks, such as phishing, and the steps they can take to protect themselves and their business.
As a member of CESG (the UK government’s National Technical Authority for Information Assurance), SCC receives updates on a daily basis and also carries out its own research into trends from other internet sources such as NCSC (National Cyber Security Centre) and CSO, to name a few. These are all valuable sources of intelligence against the many and varied forms of attack vectors, helping SCC to focus on the right areas to catch security threats before they reach its customers.