Despite the rise in such attacks, more than three-fifths of cyber leaders in critical national infrastructure organisations do not have a decision-making plan in place on whether to pay the ransom in the case of an attack.
More than three-fifths of cyber leaders (62 per cent) in UK critical national infrastructure (CNI) organisations do not have a decision-making plan in place on whether to pay the ransom in the case of an attack.
This is despite rising ransomware attacks on CNI, according to new research by UK cyber security services firm Bridewell, which also reveals that eight-in-10 cyber leaders (79 per cent) in UK CNI organisations believe ransomware will significantly disrupt their operations in the next 12 months.
It is surprising, then, that the Cyber Security in UK Critical National Infrastructure report found that fewer than half have implemented critical measures to help prevent, detect, respond to, and recover from ransomware.
Detecting ransomware attacks
The research found only 36 per cent have a security information and event management (SIEM) platform that can help to detect a ransomware attack before the attacker completes their objective. Likewise, only 43 per cent say they have implemented technical controls to prevent unauthorised access and stop key directories and files being deleted, overwritten or encrypted.
“All critical infrastructure organisations must be prepared to suffer a ransomware attack and have tailored response plans in place to deal with actors targeting both IT and OT operations. This should encompass third parties and remote access into the OT environment,” said Gavin Knapp, cyber defence technical lead at Bridewell.
“Failure to prepare can result in the loss of IP, interruption to operations, and significant financial and reputational damage. It also often leaves organisations with no choice but to pay the ransom, which aside from being illegal in some countries, only further fuels the crisis.”
Bridewell notes that threat groups and actors continue to see significant financial opportunities in the initial access broker and ransomware space, with modern-day malware and intrusion frameworks increasingly adopting automated approaches to streamline and improve how they perform attacks.
The company said it is also seeing a significant reduction in the time between vulnerability disclosure and the weaponisation of ransomware, as well as a rise in ransomcloud attacks targeting weaknesses or legitimate functionality in cloud resources.
Meanwhile, the research found that only 46 per cent are using cloud storage services with in-built ransomware protection, while just 42 per cent have deployed a cloud access security broker. Concerningly, 84 per cent say they have suffered at least one ransomware attack in the past 12 months, and two in five have suffered more than five attacks – an average of one every other month.
The research surveyed 521 cyber security decision-makers in the communications, utilities, finance, government and transport and aviation sectors.