By James Holton, Trustmarque’s Cyber Security lead.
Ransomware is back in the news, which is bad news. But the good news is that you can significantly reduce your risk by following some straightforward ransomware guidance. Unfortunately, there is no silver bullet, and relying on a single solution is likely to leave you at risk. A measured approach, delivered in depth, is the guidance given by Trustmarque, Capita, and the NCSC.
Put very simply, ransomware is a type of malware that holds your data for ransom and demands a payment (normally in a cryptocurrency like bitcoin). It can affect anything from a single isolated laptop, where the inconvenience is minimal, to a mission-critical server which holds sensitive data. When it hits the latter, the criminals’ ransom demands can jump from the hundreds to tens of thousands, and the organisation is left crippled.
When data is the new gold, ransoming that data is big business.
It’s big news and it’s big business. This could explain why we’re seeing a rise in enterprise ransomware even as the overall number decreases. The average organisational ransom in 2019 was between £10,000 and £28,000.
One of the most infamous examples is WannaCry in the NHS. The Department of Health and Social Care has put the cost of WannaCry in the NHS at £92m in direct costs and lost output, and it affected one-third of NHS trusts and approximately 8% of GP practices in England.
Our strong advice to our clients is not to make a knee-jerk purchase of a single technology, thinking it will solve the threat in one fell swoop. It’s likely that this approach and overconfidence will leave you more exposed than before. Here we’ll provide some guidance on how to balance your approach and how you can deliver that security in depth with your vendors and partners.