The National Cyber Security Centre (NCSC) says cyberattacks are at a record high and urges businesses not to pay up.
According to the agency, there has been a
7.5% increase in ransomware attacks alone. Organisations like the celebrity jeweller Graff and the London borough of Hackney have been targeted here in the UK. While in the US, you’ve likely heard of the Colonial Pipeline incident where the major oil and gas supplier paid a shocking £3.7 million to hackers in order to restore their system access.
Many of these criminal hackers are based in Russia or nearby Russian speaking territories, and with the frosty relationship between the Russian Government and the US/UK, official intervention to curb these activities
is highly unlikely. Fixing the damage of a cyber attack can take months. For example, rebuilding Hackney’s affected systems was a lengthy process costing around £10m, part of which was paid by central government.
The government and the UK public sector do not pay cyber ransoms, and are urging businesses to do the same. At the helm of this is the NCSC led by director Lindy Cameron, who commented that:
“We would prefer people not to pay because that’s what keeps the UK safest collectively,” It’s been reported that the number of ransomware attacks on British institutions has doubled in the past year. These attacks have been growing precisely because it is lucrative for cyber criminals.
Last month the head of UK's spy agency GCHQ, NCSC’s parent organisation, disclosed that the number of ransomware attacks on British institutions has
doubled in the past year. The impact on the British economy is estimated to run into the hundreds of millions of pounds, mostly stemming from the costs of immobilising businesses.
This comes as British officials have considered banning cyber ransom payments. In part, because they have historically had to bail out companies with lax security who were hit by attacks.
This decision hasn’t been taken due to concerns over how it might discourage businesses from reporting attacks. At the end of the day, regardless of if it is the government or private companies that pay ransoms,
it is the taxpayer or end-user, i.e. “us” who foots the bill. The debate over if businesses should pay or shouldn’t is already being decided in a sense by cyber insurance companies. As they
slash the coverage they provide, businesses are likelier to refuse to pay because they can't claim the costs of paying on their insurance. This decision may benefit our cyber security in general in the future.