Today, the world is seeing businesses of all sizes suffer devastating attacks from ransomware. In the last few months, massive attacks on Colonial Pipeline and JBS have disrupted services and earned cybercriminals millions of pounds. These attacks have been well-publicised, their CEOs have been openly talking about the incidents, G7 leaders have discussed the issue, and it’s prompted questions in boardrooms across the country.
Until recently all but the most significant ransomware attacks have been kept out of the spotlight, with businesses opting to pay the ransom to restore services, and sometimes not letting their customers know. Valuable insight into the nature and scale of the threat is being suppressed and hampering our ability to respond, collectively.
Partly that is down to embarrassment, and it’s that shame that cybercriminals play on when they try to extort cash from their victims.
Today we are hoping to start changing that.
Cydea is one of sixteen founding members of the #RansomAware campaign that aims to reduce the stigma, victim shaming, and focus more positive energy on improving defences and addressing the root causes of ransomware.
Ciaran Martin, Professor at Blavatnik School of Government and former CEO of the National Cyber Security Centre, knows first-hand just how damaging ransomware is to UK businesses, “I welcome initiatives like this. We need to look at all the different reasons why ransomware is causing so much harm.” He concluded, “but we need to provide more support for victims too, and help them protect themselves in the first place.”
Our coalition includes friends and partners from Talion, BAE Systems, Outpost24 and Michcon de Reya, and Decipher Cyber, research and industry organisations RISCS and the UK Cyber Security Association, as well as industry peers 36 Commercial, Insight Enterprises, KnowBe4, Comparitech, Siemplify, Eskenzi PR, IT Security Guru, and Devo Technology.
#RansomAware is encouraging organisations to openly talk about the attacks they have suffered, so we can pool intelligence and collaborate to make defences more effective. We need to treat the causes, not just the symptoms and consequences. We want better data to help shape responses that benefit us all: to help each other be more resilient; to push for secure defaults from vendors; to develop better policy responses at the national level.
“Ransomware is inflicting debilitating attacks on critical infrastructure and posing a threat to national security, it’s for this reason that the response cannot be left to private companies alone,” said Cydea founder, Robin Oldham. “We need to encourage information sharing and we need governments to develop policy to support this fight: let’s learn from public health and begin collecting and analysing data much like we have done for Coronavirus throughout the global pandemic.”
Madeline Carr, Director of RISCS & Professor of Global Politics & Cyber Security at UCL, similarly thinks cyber security should seek inspiration from other professions, “We see examples of collaboration and intelligence sharing in other industries, the medical sector for example has a formal process whereby when a medical mistake is made, the information is shared across the community to educate others and avoid the mistake being repeated.”
Image credit: Brett Jordan, Unsplash.