Perhaps the most high-profile example of the damage inflicted by ransom attacks is WannaCry, which spread across the globe and severally impacted the NHS. But the severity of the issue is further compounded by one crucial fact, according to Digital Guardian’s global security advocate, Thomas Fischer.
“Attacks like this have been happening for years, but unfortunately we are either quick to forget, or simply don’t learn from past experiences,” he said. “After all, the recommendations remain the same.”
Such an attitude is no longer enough and the sophistication of ransom attacks, and cyber crime as a whole, has Wainwright worried. They have become capable of crippling networks, sabotaging software and seem to increasingly be targeting financial institutions.
It echoes research from Duff & Phelps earlier this year, which surveyed 200 executives in financial services companies. Some 80 per cent of respondents claimed they were set to double the amount of money being invested in cyber security.
“The real threat, however, comes from a sort of exponential, remorseless increase in the scale and significance of cyber criminal capability,” Wainwright explained to Reuters after his Web Summit panel.
“Cyber crime is becoming good enough to really threaten parts of our critical infrastructure, certainly in the financial, banking sector.”
Furthermore, cyber criminals now do their work from various, remote locations – including the bedroom – making it harder for them to be tracked and prosecuted. They’ve gone from lone wolves to pack members, with their fingers in multiple pies from, as Reuters suggests, selling drugs to hijacking ATMs.
“There is an underworld that’s a lot bigger, smarter and adept than most people think,” Wainwright said. “And, against it, we still have generally low cyber security standards.”
Indeed, while awareness is increasing, companies are still behind in terms of implementing adequate defence. The protection of the business isn’t the only thing at stake.
With GDRP around the corner, those found to have been hacked could in turn be penalised for lack-lustre security, especially where customer data is concerned.
“We are under constant threat and always a step behind those targeting us – as soon as one flaw is fixed another is exposed,” Phil Beckett, MD of disputes and investigations for Alvarez and Marsal, told Real Business. “Following an array of high-profile attacks on businesses, a renewed emphasis has been put on data protection and securities, but this reaction is too late.
“GDPR fines of €20m are imminent in the event of a data breach, so security needs to be at the forefront of everyones minds, especially those in the financial services. Admittedly, this should have been the case years ago but we simply cannot afford to ignore digital threats anymore.”
Wainwright’s shocking statistic should be seen as a wake-up call. No company is immune to a cyber attack, not even an SME.
Beckett added: “For anyone to think their business is not under threat is not only idealistic but also naïve – action is needed now and as ransom attacks continue to grow in number, the threat increases.”