Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency (CISA), has warned the UK government that they could be the victim of a 9/11-style cyber-attack unless they face up to the “magnitude of the threat” posed by ransomware.
In agreement with this, Steve Barclay, the UK government Minister responsible for cybersecurity, claims that “the greatest cyber threat to the UK – one now deemed severe enough to pose a national security threat – is from ransomware attacks.”
With this looming threat of large ransomware attacks targeting the UK government, preparing an adequate defensive strategy will be key in ensuring the UK can survive such an attack.
Failure to imagine what these threats could look like and how to properly prepare could be fatal over the next decade. There are steps the government can take to both understand and implement the most appropriate and effective measures.
Currently, the new National Cyber Strategy is the UK government’s answer to defending against cyber and ransomware attacks. The UK government claims that it is continuously adapting, innovating, and investing to protect its interests in cyberspace.
The government has pledged to spend £22 billion on research and development to place technology at the heart of its plans for national security, and the creation of the National Cyber Force last year represents a significant step-up in offensive cyber capability. But with the US CISA commenting that the UK government must realize the magnitude of the threat it faces, is it taking all the right precautions?
Ransomware defenses must be holistic across all government sectors to have an effective impact. This means a collection of best practices, policies and processes that combine secure backup and disaster recovery with actionable plans for lines of defense.
An effective holistic strategy should include:
- Multi-layered defenses – introducing multi-layered defenses that use modern technology to leverage machine learning through analysis of behavior is key. This allows for real-time detection and prevention tools. Accompanied by multi-factor authentication and zero-trust design, these should reduce vulnerabilities.
- Immutable backups – ransomware operators are starting to target backup files, so not only is data encrypted in an attack, but backups are rendered useless, too. Data Protection as a Service (DPaaS) protects backups by storing them in the cloud in a separate company network. This also minimizes downtime and disruptions during or after a crisis.
- Knowledge of landscape – carrying out regular security awareness training programs for IT teams provides them with the current knowledge that can help create forceful security strategy plans.
For the UK government, one of the main benefits of taking such an approach is the breadth of coverage it should provide. We’ve seen the devastating effects that ransomware can have on the public sector: the WannaCry attack in 2017 affected 80 hospital trusts and 595 GP practices across England. With such a complex organization, ensuring each sector has the same cybersecurity measures in place will build a strong line of defense for the UK government from all angles, giving the best chance of covering vulnerabilities.
Ransomware isn’t going away and will continue to evolve and grow into a more dangerous prospect. The percentage of nation-states passing legislation to regulate ransomware payments, fines, and negotiations is expected to rise to 30% by the end of 2025, compared with less than 1% in 2021. This is clearly the beginning of awareness of the devastating impact ransomware can have.
However, there is still a long way to go, and the process of implementing defenses needs to be kept under constant review for updates. Ensuring a holistic approach is taken alongside legislation and a growing awareness surrounding ransomware will help the UK government combat these challenges and properly defend the UK.
With thanks to HelpNet Security. The full story is here: https://www.helpnetsecurity.com/2022/07/04/uk-government-threat/