Lindy Cameron, head of the National Cyber Security Centre, calls upon all of us to prepare against ransomware attacks.
Her speech, the defence think tank RUSI’s Annual Security Lecture, was part of a toughening international stance towards cyber criminality. It coincided with the G7 summit that called for an international effort to disrupt cyber crime.
Cameron acknowledged that state-sponsored attacks are a “malicious strategic threat” that needs to be addressed.
But “far more worrying is the cumulative effect of a failure to manage cyber risk. For the vast majority of UK citizens and business… the primary key threat is not state actors but cyber criminals.”
This is because cyber criminals are becoming increasingly “professional” and are difficult to stop if harboured by certain countries.
“Some of the most powerful testimonies I’ve heard since starting this job have been from chief executives faced with a ransomware attack they were under-prepared for. We support victims of ransomware every day, but turning up to a ransomware incident as the NCSC feels like the fire service turning up to a house that has already burned down. There might be some forensic evidence that the police might pursue. Occasionally (but less so over time) there might be a flaw in the malware or its deployment that we can make the most of. Even more rarely, we just might be able to get a decryption key. But these groups know what they’re doing, and that hardly ever happens. More often than not, it’s a case of rebuilding from scratch and restoring the data – assuming you have – and please read the advice – an offline backup that can be used for this.”
Despite the threats her message is not one of despair, but of preparation, leadership and resilience:
“…it’s about preparing, planning and exercising, all the way up to Board level, working on the assumption that a cyber criminal will be as interested in your weaknesses as a burglar is in your open window. Reporting really matters – even if you are a victim and it’s too late to limit the damage to your business, it helps us help others. All this not only helps make businesses resilient to ransomware, but to the full range of cyber threats they face, and deters adversaries by increasing the cost of an attack.”
Read or watch Lindy Cameron’s entire speech here.
Thanks to Dave Hoefler on Unsplash for the image