The fallout of the pandemic has had many far-reaching consequences for businesses, including information security. And it seems that cyber criminals are still taking advantage of this vulnerability with a series of ransomware attacks.
According to information analysed by CybSafe, the number of ransomware attacks reported to the Information Commissioner’s Office (ICO) doubled in the first half of 2021 compared with the same period in 2020. This means that a significant 22% of all cyber incidents reported to the body were ransomware attacks, up from 11% the previous year.
What is ransomware?
Ransomware attacks are a type of malicious software that can block your access to your computers or data. This data can then be corrupted, stolen or deleted, which can lead to financial and reputational loss for a business. Victims are often contacted by a cyber criminal who will demand payment for the restoration of access, although there is absolutely no guarantee that this will happen if a payment is made.
Phishing emails are key for criminals wanting to infect your organisation with ransomware. Indeed, CybSafe’s research revealed that phishing emails were responsible for 40% of all the incidents recorded by the ICO.
Key targets of ransomware
Further analysis revealed that organisations within the educational sector have been the hardest hit by this type of cyber-attack. The report revealed that ransomware was responsible for 32% of all cyber-attacks on schools and universities during the first six months of 2021, a significant increase on 11% one year ago.
Retailers and manufacturers are also proving to be tempting targets for cyber criminals, with 20% of all incidents being linked to these sectors.
These trends highlight the magnitude of risk to all businesses. In the 2021 Cyber Security Breaches Survey by the UK government (published in March 2021), it found that a staggering four in 10 businesses had been breached over the course of a year. Even more worryingly, 39% of those who reported a breach had been the victims of attacks at least once a week.
The survey also reported that fewer businesses were using monitoring tools to look out for threats, which means that they may not be fully aware of all of the attacks facing their organisation.
Staying safe from cyber-attack
Having the right processes in place is key for ensuring that your business can detect and deal with cyber threats effectively. This starts with a comprehensive information security policy, which you can find out more about in our article.
You may also want to think about a more integrated approach which will help your organisation to create a culture of security that considers physical, digital and legal risks to your information. Management systems such as ISO 27001 can be ideal for this. Read our article to find out more about how it can help to protect your business.