Extortion and espionage are the two largest growth areas of Cybercrime within 2021. The COVID-19 pandemic has accelerated this growth, as businesses quickly mobilised for home working to retain operational capability. Whilst technology has been a shining light within the Lockdown environment, the sudden switch of systems, working and our digital behaviour has created opportunities for criminal gangs and fraudsters.
One particularly worrying area of growth is the continued rise of ransomware, an insidious software which encrypts data and systems, rendering them inoperable. Ransomware continues to evolve, with latest variants built to ‘discover’ the organisations backups in an attempt to corrupt them and leave an organisation with a bitter pill to swallow; pay up or lose everything. Further, ransomware is now designed to exfiltrate data, with attackers threatening to release confidential personal, financial, contractual and IP data within the seedy underbelly of the internet. This opens the door to litigation, regulatory fines, reputational damage and the potential loss of both clients and suppliers. With these severe consequences exposed, the UK government estimate that ransom amounts have tripled threefold, since the start of the pandemic.
Espionage by foreign states has also seen a dramatic rise. As the connected world becomes more global, governments have discretely turned to shadowy gangs and illegal organisations, as a method to steal highly confidential state secrets and expensive R&D projects. The 2021 SolarWinds attack, a company who provide services to many of the world’s governments and bodies highlights this perfectly. By compromising a security patch SolarWinds had created, attackers were able to target a single company and use that as a vehicle to access confidential data of numerous enterprise level businesses and public bodies.
I often describe Cyber Security as a complex puzzle made up of lots of simple pieces. Effective security is layered across People, Process, and technology and more often than not, simple measures can be used effectively to repel the majority of attacks. Awareness is key, and that starts by recognising that Cyber Risk is now the key risk any organisation faces, and effective mitigation is best achieved through cultural awareness and change, throughout the whole of an organisation.
William will be presenting at our Cyber Seciruty Webinar 9 June 202, register your place here.
Guest Blog provided by William Taaffe- COO Lockdown Cyber Security