62% of cyber leaders in UK critical national infrastructure (CNI) organisations do not have a decision-making plan in place on whether to pay the ransom, despite rising ransomware attacks on CNI, according to new research by UK cyber security services firm Bridewell.
The research, which surveyed 521 cyber security decision makers in the communications, utilities, finance, government and transport and aviation sectors, reveals nearly eight-in-ten (79%) of cyber leaders in UK CNI organisations believe ransomware will significantly disrupt their operations in the next 12 months. Yet less than half have implemented critical measures to help prevent, detect, respond, and recover from ransomware.
According to the research, only 36% have a security information and event management (SIEM) platform that can help to detect a ransomware attack before the attacker completes their objective. Likewise, only 43% say they have implemented technical controls to prevent unauthorised access and stop key directories and files being deleted, overwritten or encrypted.
Gavin Knapp, Cyber Defence Technical Lead at Bridewell says: “All critical infrastructure organisations must be prepared to suffer a ransomware attack and have tailored response plans in place to deal with actors targeting both IT and OT operations. This should encompass third parties and remote access into the OT environment.
“Failure to prepare can result in the loss of IP, interruption to operations, and significant financial and reputational damage. It also often leaves organisations with no choice but to pay the ransom, which aside from being illegal in some countries, only further fuels the crisis.”
Threat groups and actors continue to see significant financial opportunities in the initial access broker and ransomware space, with modern day malware and intrusion frameworks increasingly adopting automated approaches to streamline and improve how they perform attacks. Bridewell is also seeing a significant reduction in the time between vulnerability disclosure and the weaponisation of ransomware, as well as a rise of ransomcloud attacks targeting weaknesses or legitimate functionality in cloud resources.
Yet the research found that only 46% are using cloud storage services with in-built ransomware protection, while just 42% have deployed a cloud access security broker. Concerningly, 84% say they have suffered at least one ransomware attack in the past 12 months, and 4 in 10 have suffered more than 5 attacks – an average of one every other month.
For more news updates, check out our May issue here.
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922