Vitanium’s Technical Director, Paul Houselander, on Ransomware and the National Cyber Security Centre’s Latest Speech

Is ransomware the most serious cyber threat?

A lot of people have asked my opinion of the recent speech given by Lindy Cameron, the chief executive of the National Cyber Security Centre (NCSC). She said ransomware “presents the most immediate danger” of all cyber threats faced by the UK right now. People have been horrified reading about the potential danger that ransomware and cyber-attacks might pose to the country, but I have to say that I’m not shocked, I’ve been in the business for twenty-five years, so while it’s certainly on the increase,  it’s nothing new for us.

Ransomware and cyber-attacks are very real, at Vitanium we see at least a few cases every month of people who were unprotected and now need our help to restore their data. Yes, we’ve all heard about the highest profile attacks like Solar Winds, and the devastating effects they can have, but what concerns us, as a business with many SME/SMB customers, are the cases of ransomware and data corruption that don’t make it into the newspapers. People have got the idea that ransomware only happens to large and powerful companies but, as I always tell clients, the automated systems make no distinction they are simply looking for a route to exploit, a way into your device or network. Then the cyber criminals will decide exactly how to exploit you and what that might be worth.

Do you want to be forced to make a choice between losing money or data, or even both?

Ransomware is real, it’s not going anywhere, in fact the scale and type of attacks are getting more and more sophisticated.  Quite often we see clients who don’t know how the attack happened by the time they talk to us. They need assistance in restoring data after realising they’ve been hacked. There’s no one way those criminals get into your systems, typically, it might start with a phishing attack although we are also seeing more and more cases of social engineering as a way of people gaining access; targeted attacks from disgruntled or compromised employees, hackers pretending to be IT departments, deep fakes etc.  As an IT business, we know that what Lindy Cameron outlined in her speech is a reality for everyone.

What can you do? First, realise that it can affect you and your data, whether you’re an individual or a company. Basic security is essential and if you’re not doing the following things, it’s only a matter of time before you fall victim to an attack:

Basic security

  • Patch management is vital – keeping your devices and software up to date.
  • Antivirus, spam filters and virus filters.
  • Cyber security awareness training for all staff.
  • Device encryption, a device with sensitive information is easy to grab and go.
  • Use Password Managers.
  • Enable Two Factor Authentication where available.
  • Apply the Least Privilege Principal in terms of who needs access.
  • Regular backups – essential but only if they’re done correctly!
  • A proper data audit.
  • Tested – a backup isn’t a backup unless it’s been tested. Build in a restore test schedule into any strategy.

Often with ransomware or data loss, the main problem we see isn’t just the attack itself, it’s the lack of awareness most people have around their data and the fact that this realization only dawns in a moment of panic.

I would advise everyone to do a thorough data audit, then act on it.

At Vitanium, we see too many situations where people only stop to take stock of their data once there’s a problem. One thing I’m keen to do is create more awareness about this. A lot of companies will admit they have a disaster recovery plan but it’s not worth the paper it’s written on. And there are some serious factors at play here for businesses, from a Recovery Point Objective (RPO) you should be asking, at what point do we restore our data from? What’s the value of it, the laws surrounding it?  Then there’s the Recovery Time Objective (RTO) – how long will it take you to get up and running again? If the answer is a week or more, how much business have you lost? These are important factors for any business to consider and they’re not difficult to plan for with the right back up in place that is regularly being tested.

After listening to the National Cyber Security Centre speech, it’s clear that ransomware and cyberattacks are going to get worse before they get better. We’re going to see an increase in the frequency and sophistication of attacks, and everyone whether a private individual or a company needs to make sure they have the basics covered.

From my perspective, at Vitanium, we see enough weekly evidence from customers to know that there is a real and dangerous threat to everyone who owns a device. Attackers don’t differentiate, they look for a weakness to enter a system then exploit it however they can.  We would never advocate paying a ransom for data, so the only option is to protect yourself.

I think it’s worth asking yourself the question, would you want to be put in the impossible position of either losing your data, or losing money and not even getting your data back? Without having backups in place, these are the decisions you may be forced to make. I’d like to see every user acting now before it’s too late, and I hope the media coverage this speech has generated motivates people to put a backup plan in place today.