In light of the proposed national ransomware payment ban across public sector services, Espria is urging UK businesses to shore up security practices to mitigate the risk of cyberattacks and protect key services from disruption.
The UK government is set to crack down on ransomware with proposed measures to ban the NHS, local councils, schools and other critical services from paying ransoms to cybercriminals.
Following a public consultation that saw nearly 75% of respondents support the proposal, the new measures will also require private sector businesses to formally report all attacks and notify the government of any intent to pay a ransom.
Designed to dismantle the business model that fuels cybercrime by making the UK's vital public services an unprofitable target for attack, these new measures will lead the way in tackling ransomware, bolstering national security and protecting key services and businesses from disruption.
According to Brian Sibley, Virtual CTO at Espria, while this move is seen as a good thing in signalling to malicious cyber actors that UK businesses aren’t willing to pay ransom demands, “businesses must support this by doing everything possible to employ robust security strategies, including staff training across their organisation.”
“Cutting off the ransom ‘business model’ targets the heart of the issue, as highlighted by the overwhelming public support and widespread news coverage, including recent ‘Panorama’ investigations into the devastating impact of these attacks. Nevertheless, you need to prevent an attack rather than waiting for it to happen, advocating prevention over payment. Businesses shouldn’t wait to become a victim before acting.”
Sibley advised that it is “crucial” for both large companies and SMEs to routinely invest in robust systems and specialist cyber security staff training to ensure security, alongside regular, detailed threat assessments.
These measures will help even the most established organisations, which can be disrupted overnight by ransomware attacks, with reputational and legal repercussions lasting for months afterwards.
Sibley added: “If businesses are forewarned with proactive security monitoring tools of any threats or gaps in their cyber defences, they are better able to protect themselves from an attack and subsequent breach. For smaller businesses, this means relying on your managed services partner rather than an in-house security expert, but this can be more beneficial as an MSP can access a wider range of security expertise for integrated and up-to-date technology offerings. Ensuring your recovery plans are in place and tested, including immutable backups, can mean your business doesn’t crash entirely following an attack.”