SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image

UK government considers banning ransomware payments

Yesterday

The UK government has embarked on a significant consultation process to assess the feasibility of prohibiting ransomware payments by public sector bodies and Critical National Infrastructure (CNI) organisations. This initiative is paired with plans to institute mandatory reporting of ransomware incidents, aiming to enhance information sharing and visibility into cybersecurity threats.

One expert, Christian Borst, EMEA Chief Technology Officer at Vectra AI, highlighted the importance of this measure, emphasising that public sector and CNI entities cannot afford to neglect their cybersecurity protocols in the face of such regulations. Notably, there has been a 179% rise in cyberattacks targeting healthcare organisations, according to the UK's Information Commissioner's Office (ICO).

"If the UK government moves forward with its proposed recommendations, affected organisations will need to be vigilant in detecting ransomware attacks at the earliest stages," Borst commented. He stressed the need for organisations to ensure they can adequately report incidents to authorities, warning of potential reputational and fiscal repercussions for non-compliance with future regulations.

Borst also pointed to a concerning trend: threat actors are increasingly exploiting vulnerabilities across multiple surfaces, such as identity systems, public cloud, SaaS, and data centre networks. In response, he suggested that enterprises must eliminate security blind spots and develop a deeper understanding of their exposure to these multi-surface attacks. He advocated for enhancing detection and response capabilities and utilising artificial intelligence to improve cyber resilience.

However, this government proposal has drawn criticism for potentially rendering UK businesses more susceptible to cyber threats. Ed Macnair, CEO of Censornet, warned that banning ransomware payments may disrupt the cybercrime equilibrium without eliminating the threat of cyberattacks entirely. He suggested that such a move could pivot attacks towards private enterprises.

Macnair provided sobering statistics from last year: ransomware impacted approximately one in five small to medium-sized UK businesses, with 35% feeling inadequately protected. This insecurity resulted in 34% of those affected resorting to paying an average ransom demand of GBP £139,368. He advised organisations to consolidate their cybersecurity measures across various platforms to get a complete view of vulnerabilities, which is crucial for an effective defence strategy.

The discussion continues with Simon Hodgkinson, a strategic adviser at Semperis, expressing scepticism about the practical implementation of this proposal, given the current state of cybersecurity across the public sector. Hodgkinson acknowledged the noble intent behind the proposal but questioned the feasibility of its execution amidst the extensive technical debt confronting public sector entities, ranging from local councils to healthcare and CNI providers.

He noted that public service providers must continue delivering essential services, and in dire scenarios, where service restoration hinges on paying a ransom, organisations might have no alternative. Hodgkinson highlighted the alarming statistic from a recent report: 87% of ransomware attacks disrupted business operations, and for 16% of ransom payers, system recovery was critical to survival.

Hodgkinson emphasised the concept of operational resilience, underscoring the importance of a swift recovery post-attack. He pointed out that understanding the recovery priority is vital to reinstating the minimum viable service quickly. To support this, he recommended investing in technology that automates the recovery of identity platforms, such as Active Directory, ensuring they are restored without residual malware.

As the UK government continues its consultation, these insights from industry experts highlight both the potential benefits and substantial challenges posed by the proposed ransomware policy changes.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X