The Scottish Business Resilience Centre (SBRC) recently surveyed more than 250 businesses in Scotland about their cyber preparedness and learned that more than a third (38 per cent) don’t feel prepared for a cyber attack.
It’s a worrying trend, especially given that the Sophos State of Ransomware 2021 report found that 35 per cent of British businesses were hit by ransomware attacks in the past year.
A ransomware attack works by cyber criminals encrypting an organisation’s files and holding data hostage until a ransom is paid.
These fees can be extortionate and not every business will be able to pay: DarkSide, one of the more prolific ransomware gangs, has made at least $90m (£63.4m) since August 2020 in ransom payments from fewer than 50 victims.
But even for those who can afford to pay, there’s no guarantee they will get all their data back in
a timely manner. In fact, separate research by Sophos found that companies are only able to restore an average of 65 per cent of their data even after paying a ransom.
Given these odds, it’s clear that businesses should focus their efforts and finances on improving
their cybersecurity defences in the first place and thereby limit the fallout of an attack, rather than assuming they’ll be able to pay a ransom and move on.
The most basic thing that an organisation can do to mitigate this is to check that systems including firewalls and antivirus programmes are up to date. Regular backups are vital, too: organisations are more likely to get their data back by relying on a recent copy than paying ransom.
It’s also important to make sure employees understand that cybersecurity isn’t just the responsibility of the IT department: everyone needs to know at least the basics of cybersecurity, such as not opening attachments or clicking links they weren’t expecting.
A strong cybersecurity strategy goes beyond this, to include role-playing and scenarioplanning that involves a broad range of people in the company to ensure preparedness.
Another consideration as part of a strong cyber strategy is around accreditations, particularly Cyber Essentials. This is a government-backed scheme which can prevent or limit the fallout from up to 80 per cent of common cyber attacks, including ransomware.
The rise of ransomware and what to do I which can prevent or limit the fallout from up to 80 per cent of common cyber attacks, including ransomware.
Only 42 per cent of the businesses we surveyed held the Cyber Essentials certificate – but it’s a simple way for business owners to become more aware of their cyber processes, and could
mean the difference between surviving an attack or losing all their systems and data.
Regardless of the precautions taken, it’s still possible that a business will fall victim to a cyber attack. For those that do, there is support out there, including the SBRC’s Cyber Incident
The sooner you get help after an incident has occurred, the greater the chances of recovery.
Keeping the human connection in general practice
When it comes to healthcare, I’m a firm believer that technology should support the user, not replace the user. There can be no doubt about the vital role technology has…
Tapping into neurodivergent talent could close tech skills gap, says ScotlandIS CEO
In the second column brought to you by Skills Development Scotland about recruiting neurodivergent talent, chief executive of ScotlandIS Karen Meechan gives us her perspective on the subject. In Scotland,…
How blockchain technology could revolutionise the construction industry
Non-fungible tokens – or NFTs – have been around for a while, however their use remains untapped in the construction and architectural sector. Most people will have heard of cryptocurrencies…
Remote learning at university: is it here to stay?
Remote learning – or what we call hybrid learning at the University of the West of Scotland (UWS) – has quickly adapted throughout the pandemic, and it has presented both…
Empowering women to lead digital transformation
The Scottish Government and ScotlandIS – the digital technologies cluster management organisation – have conceived an amazing course to nurture future female talent in the IT industry titled, Empowering Women…
Charting a safe pathway through echo chambers
Teaching young people to navigate
virtual bubbles and life in a ‘digital
bazaar’ is now of critical importance
The rise of ransomware and what to do
It’s no longer just the responsibility
of organisations’ IT departments to
keep business systems safe