Ransomware is the key cyber threat facing the UK and the public and business must take it seriously, the head of the NCSC warned this week.
Speaking virtually to an audience at the Royal United Services Institute (RUSI) Annual Security Lecture, Lindy Cameron warned that for the vast majority of UK citizens and organisations the primary key threat is not state actors but cyber criminals.
She noted that the ecosystem is evolving through the Ransomware as a Service (RaaS) model, whereby ransomware variants and commodity listings are available off the shelf for a one-off payment or a share of the profits.
As the RaaS model has become increasingly successful, with criminal groups securing significant ransom payments from large profitable businesses who cannot afford to lose their data to encryption or to suffer the downtime while their services are offline, the market for ransomware has become increasingly “professional”.
The NCSC has published guidance to help organisations protect themselves from malware and ransomware attacks.
We have also recently published a blog post about what board members should know about ransomware and what they should be asking their technical experts.
The NCSC has published Lindy’s speech as delivered in full.
Report highlights pressures on staff working from home
In a recently published report, 36% of staff working from home shared that they felt forced into ‘bad security behaviours’ while working from home.
The report, which polled more than 4,000 employees and IT professionals across UK and US organisations, claims that security workarounds have increased since more people have been working remotely, potentially increasing the risk to their employers.
Over a quarter of those polled admitted to making mistakes but were worried about reporting them for fear of disciplinary action.
And more than half (54%) of senior IT staff said they were worried about infected devices being brought back into the workplace, with the increased risk of ransomware also highlighted.
It is vital organisations encourage employees to speak up, report concerns and assign no blame when it comes to following cyber security practice.
The NCSC’s Board Toolkit provides plenty of resources to help organisations make cyber security a priority, including advice on developing a positive security culture.
Advice on preparing your organisation and staff for home working is available on the NCSC website. A ‘home and remote’ working exercise has also been included in the NCSC’s Exercise in a Box toolkit