The Scottish Business Resilience Centre (SBRC) recently surveyed more than 250 businesses in Scotland about their cyber preparedness and learned that more than a third (38 per cent) don’t feel prepared for a cyber attack.
It’s a worrying trend, especially given that the Sophos State of Ransomware 2021 report found that 35 per cent of British businesses were hit by ransomware attacks in the past year.
A ransomware attack works by cyber criminals encrypting an organisation’s files and holding data hostage until a ransom is paid.
These fees can be extortionate and not every business will be able to pay: DarkSide, one of the more prolific ransomware gangs, has made at least $90m (£63.4m) since August 2020 in ransom payments from fewer than 50 victims.
But even for those who can afford to pay, there’s no guarantee they will get all their data back in
a timely manner. In fact, separate research by Sophos found that companies are only able to restore an average of 65 per cent of their data even after paying a ransom.
Given these odds, it’s clear that businesses should focus their efforts and finances on improving
their cybersecurity defences in the first place and thereby limit the fallout of an attack, rather than assuming they’ll be able to pay a ransom and move on.
The most basic thing that an organisation can do to mitigate this is to check that systems including firewalls and antivirus programmes are up to date. Regular backups are vital, too: organisations are more likely to get their data back by relying on a recent copy than paying ransom.
It’s also important to make sure employees understand that cybersecurity isn’t just the responsibility of the IT department: everyone needs to know at least the basics of cybersecurity, such as not opening attachments or clicking links they weren’t expecting.
A strong cybersecurity strategy goes beyond this, to include role-playing and scenarioplanning that involves a broad range of people in the company to ensure preparedness.
Another consideration as part of a strong cyber strategy is around accreditations, particularly Cyber Essentials. This is a government-backed scheme which can prevent or limit the fallout from up to 80 per cent of common cyber attacks, including ransomware.
The rise of ransomware and what to do I which can prevent or limit the fallout from up to 80 per cent of common cyber attacks, including ransomware.
Only 42 per cent of the businesses we surveyed held the Cyber Essentials certificate – but it’s a simple way for business owners to become more aware of their cyber processes, and could
mean the difference between surviving an attack or losing all their systems and data.
Regardless of the precautions taken, it’s still possible that a business will fall victim to a cyber attack. For those that do, there is support out there, including the SBRC’s Cyber Incident
The sooner you get help after an incident has occurred, the greater the chances of recovery.
The pandemic has taught me how to share more – and I feel a better leader for it
As a young professional starting out in the tech sector 30 years ago, I thrived on the fast pace,constant change and demanding workload. I lived in London, Singapore and Australia…
We need to shout about our successes. Liz Fletcher on celebrating women in biotech
Throughout my career in biotechnology and life sciences, I have seen many women leading ground-breaking research studies in their fields of expertise. Yet, and I include myself in this, we…
Getting the best out of patient data is key to unlocking future health benefits in Scotland
It is important that clinicians’ voices are heard in the consultation around Scotland’s new health and care data strategy, which closes this week (12 August). Busy GPs like myself are the trusted…
How motherhood helped me be a better leader
Consider this an open letter to anyone I have worked with before I became a mother and before I fully understood how being a parent is actually a prized asset…
‘We cannot achieve our goals without entrepreneurs’ – Kate Forbes on vision for new ‘tech scaler’ network
From the very start of my ministerial career, I have had responsibility for the Scottish tech sector – and I can still say what I have said from the start,…
Finding a role in cyber was ‘tough’ for Cheryl Torano. Now she’s determined to help other women join an under-represented industry
When I decided to upskill to change careers at the age of 30 and dive into the digital world, I knew I would be starting out at the bottom of…
Why innovation and marketing are the perfect partners to make changes that matter￼
With the rapid evolution of traditional marketing and the appearance of digital marketing, technology and innovation has become part of any marketer’s life without the need of working for a…
Transitioning to a four-day week – CEO’s vow to strike a healthier balance in the workplace
I came to Scotland nearly 20 years ago from Ireland, with no contacts but a lot of determination. While Ireland will always be my home, Scotland has given me amazing…