The recent cyber-attack on Redcar Cleveland Borough Council has shown how vulnerable those in the public sector, and many in the private sector, remain to cyber criminals. Although ransomware attacks appear to be decreasing in number, they are becoming more targeted. We have seen attacks on public services including the attack on NHS in 2017, Lake City in Florida (where the authority signed off a $600,000 bitcoin payment) in 2019. Figures suggest that there were 620 attacks on public services in the US in 2019.
A ransomware attack can quickly turn into a company’s worst nightmare. Within minutes infected devices can encrypt large amounts of vital, and often in the case of the public sector, highly sensitive data. In order to recover their data, organisations are coerced into paying hefty ransoms- typically via untraceable cryptocurrencies such as bitcoin. The more targeted attacks have also led to a steep increase in the average ransom demands. Even if organisations pay the ransom, it is unclear whether all are able to restore their infected data.
The nature of these attacks and the sensitive data held by most public-sector organisations, makes any attack on the public sector particularly disturbing. With consumers more aware than ever about the value of their data held by organisations and the importance of making sure that it secure, any attack is now a high-profile event. Organisations are scrambling to protect themselves before they too are targeted.
The difficulty of this approach is that investing in defence is a losing battle. Cyber-criminals are always one, two if not three steps ahead of those preparing, the nature of an internet-connected system means that attackers always have the advantage. Organisations shouldn’t give up hope though as AJ Thompson, CCO at Northdoor explains:
“When it comes to containing the destructive and disruptive impact of ransomware, the most important capability is a robust, resilient approach to data protection. In this respect, many of today’s best practices are around data backup and disaster recovery offer little to no resistance against a ransomware attack. Continuous data replication to a secondary data centre, for example, is insufficient to protect against ransomware because it offers no straightforward way to identify the point at which the infection began.
Running continuous backups means that it is possible for existing backed-up files to be overwritten by the encrypted versions- potentially leaving the business without a clean copy of data to restore from. This approach also introduces the risk of ransomware software itself being backed-up. In this scenario, even if the business can restore unencrypted data from an earlier back-up, the encryption process may simply begin all over again.
One method that some organisations are exploring in the fight against ransomware is immutable, unchangeable data. By storing data backups in a write once, read many (WORM) format, businesses can ensure that it cannot be encrypted by attackers; allowing for fast, complete recovery and thereby disarming the ransomware threat.”
“The threat from unscrupulous cyber criminals is a real one. There is no getting away from this threat and the fact that they are getting increasingly sophisticated. There are however, ways organisations can take the fight back. The value of data is not going to go down any time soon, it therefore, remains a tempting target for criminals,” concluded Thompson.