In its 2021 review, the National Cyber Security Center said ransomware is now the single most important cyber threat the UK faces – potentially as dangerous as state-sponsored espionage – with frequency and the severity of ransomware attacks showing no signs of abating.
The annual review published by the National Cyber Security Center (NCSC), the UK’s technical authority for cybersecurity, illustrates the severity of the ransomware threat in the UK.
The report reveals that the onslaught of ransomware attacks shows no signs of slowing down in the future. In the first four months of 2021 alone, the NCSC reports that it handled the same number of ransomware incidents as it did for all of 2020 – a number that was already more than three times higher than in 2019.
According to the DCMS Cyber Security Breaches Survey, published in March 2021, 39% of all UK businesses (2.3 million) reported a cyber breach or attack in 2020/21.
The report also highlighted the increased threat of supply chain attacks. Notably, in March 2021, an attack on vulnerabilities in Microsoft Exchange servers resulted in the compromise of at least 30,000 organizations in the United States alone.
This is the fifth annual review published by the NCSC, examining key cybersecurity developments and highlights from September 1, 2020 to August 31, 2021.
The report also highlighted the threat of “double extortion,” a tactic used by gangs that involves the threat of sensitive data leaking online if victims refuse to pay. The report says it is almost certain that such cases of stolen data leaks will increase, and that more UK victims of the double crime are very likely.
Steve Arlin, ProLion, a provider of proactive ransomware and data protection solutions, said: “This report prioritizes the need for action. As an organization puts the right protection in place, the potential impact of a ransomware attack diminishes.
“The latest tactics used by cybercriminals are ruthless, ruthless and potentially deadly for an organization. With the added threat of double extortion, once in a position where ransom payment is demanded, the likelihood of getting your data and reputation back safely is incredibly slim.
“The report presents a truly frightening picture – cybercrime continues to escalate, and as we see time and time again, ransomware is a serious threat to all of us.”
A separate report compiled by Keeper Security – the “2021 Cybersecurity Census Report” – focuses on the experience of the UK retail sector, revealing that businesses have suffered 44 cyber attacks in the past 12 months – approximately one every 8 days.
In light of this, three-quarters (77%) of retailers believe the number of cyber attacks they face will only increase over the next 12 months and, with it, further disrupt the entire ecosystem. of retail.
The retail sector has come under immense pressure over the past 18 months, with retail frontlines battered by the Covid-19 pandemic, closing shops on main streets across the UK and then made worse by the main supply chain issues resulting from Brexit. Now, the increasing number of cyber attacks are causing additional headaches.
The Keeper study found that successful cyber attacks on retailers caused serious disruption to partner and customer operations (34%); the supply chain (33%) and a retailer’s ability to negotiate (29%).
The response from the retail sector has intensified due to this unwanted activity: 41 percent of respondents said IT has been their top investment priority over the past year. The vast majority of retailers (86%) know where the gaps or weak links in their cybersecurity defenses lie, although only 35% claim to fill them all. Some vulnerabilities therefore probably still exist and could be exploited by bad actors.
Senior IT executives in the retail industry would like cybersecurity to become a board-level issue, with four in five (78%) requesting that a board member focus specifically on the cyber wellness of the company. At the same time, retailers are aware that they cannot solve all of their cybersecurity issues on their own, especially since they are currently considering an attack on a cloud provider they could use as their biggest advantage. high vulnerability in cybersecurity.
Darren Guccione, CEO of Keeper Security, said: “Cybercriminals target retailers because they see them as an easy target, and the rewards for a successful breach are vast given the data pools a retailer is likely to have. have on his system.
“More than half of employees working in retail do not understand the cybersecurity implications of poor password hygiene, highlighting how critical it is not only to improve current training in password protection. cybersecurity, but also to ensure that the right IT staff are in place from the start. start.”
Sign up for E&T News email to receive great stories like this delivered to your inbox every day.