It won’t happen to me, will it?

The first step in dealing with your organisation's cyber security is embracing the fact that you are in fact at risk in the first place. With 5.5 million suspicious e-mail reports in the UK alone last year – where a high number were almost certainly linked to attempted network breaches and ransomware - it is clear to see the scale of the problem. And whilst the high profile attack on Tesco on October 2021 is the sort of attack that the media promote, it remains the case that smaller businesses are more frequently targeted. The impact on a small food producer losing its data may not just be detrimental – like with Tesco which may have lost over £50 million in lost sales and revenue as a result of the attack - it can close them down for good.

In 2021 PwC research showed that cyber-attacks on their food and retail clients had increased by over 30% since 2020, demonstrating that the retail and ecommerce industry is of interest to cyber criminals. The main threat is around the theft of customer data, which retailers hold huge volumes of. If you consider how much data you input to successfully order something online, then consider if that’s data you would like cyber criminals to have.

Doesn’t my IT company do all that cyber stuff?

At a series of presentations by the ECRC to education providers recently, it was clear that many businesses believe that their MSPs (Managed Service Providers) do all the heavy lifting around cyber security. Whilst its true that they should be covering all of the back office functions such as firewall and software maintenance, they won’t be there to tell a member of your team not to click on that link which appears to be from a trusted source – when in fact it will lead them to a fake site where all of their security details will be harvested. And after that your network will be vulnerable.

Cyber security isn’t just down to the IT department – it’s everyone’s responsibility.

So what is ransomware?

Simply put this is a malicious attack against a network where the criminals get access to data and either steal it, threaten to delete it or encrypt it. The criminals will then demand a payment for the return of the data. Imagine how this could affect your business – sensitive financial data relating to your customers, suppliers or even your own company, commercially sensitive data relating to staff, the operating of your business or contacts with others - these could all be compromised or lost.

The reality is that ransomware is now viewed as a business model and many entities behind these attacks will present themselves as being on the same side as the victim. So in return for the payment your business will often be supported through a process which will return the data that has been encrypted / stolen. It is worthy of note that paying the ransom does not guarantee the return of the data and certainly does not guarantee that it won’t be sold on or published at some point in the future. Also, your network will still be infected and you are more likely to be targeted again in the future.

The paying of the ransom has moral and ethical undertones that may not be immediately apparent when you are faced with such an attack. Consider the fact that you may be financially supporting terrorists or criminals by paying the ransom.

Can you protect yourself from these attacks?

Ransomware is always preceded by a an attack on the network itself, commonly through a phishing e-mail or brute force attack. These attacks are increasing in complexity and sophistication meaning that defence against these dark arts needs continual review. But the key points for protection to remember are:-

1. Look at the free tools and guidance available on the ECRC site Education & Resources at the Eastern Cyber Resilience Centre - www.ecrcentre.co.uk

2. Make your network resilient and practice good cyber hygiene – using Cyber Essentials (CE) principles In particular use strong passwords and multi-factor authentication if you can. You can find the link to the education specific CE process on our website

3. Make sure Staff Awareness Training is up to date – spotting a phishing e-mail early will prevent a lot of pain further on down the line

4. Make sure all staff know the symptoms of an ongoing ransomware attack and respond quickly to it using a prepared incident response plan.

5. Identify common points of failure across the network – patch vulnerabilities and restrict access from malicious sites and IP addresses – speak with you MSPs about this and don’t assume that it will be done automatically.

What next?

The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. But all is not lost.

So, what can I do?

Here at the centre, we would advise you to do three things now:-

1. Join our free core membership by clicking through to https://www.ecrcentre.co.uk/core-membership-sign-up. You will be supported through implementing the changes you need to make to protect your organisation, staff and students.

2. For all of businesses across the Eastern region we would recommend that you look at improving your overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government backed kite mark standard for cyber security. Find out more at https://www.ecrcentre.co.uk/what-is-cyber-essentials. And remember that a company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks. Join the centre as a free member and we will take you as far as the CE accreditation process. And if you want to pay for the assessment, we can refer you one of our Trusted Partners – all regionally based cyber security companies that can help you become accredited.

3. We would also recommend that you speak to your Managed Service Provider and / or website company to discuss how they can implement cyber resilience measures on your behalf.

Whatever you decide to do, doing nothing is no longer an option. Here at the ECRC we are already working closely with hundreds of businesses across the seven counties to help them tackle the continually changing cyber threats that they face. So come and join our community and let us help you protect your organisations from the ever changing threats out there in the cyberverse.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).