Any organisation that has tried to recover from a ransomware attack knows that it can be time-consuming and costly. Companies hit by an attack must choose between paying a ransom or recovering encrypted data from a backup.

Unfortunately, ransomware gangs are too aware that they can leverage significantly higher ransoms from their corporate victims if they have also compromise the company's backups. For this reason, we are seeing more and more cyber attacks targeting backups because they know that organisations desperately need them to recover if they want to avoid paying a ransom to cybercriminals.

Although the sector as a whole has traditionally been comparatively wary of the ever-increasing pace of technology, legal services are increasingly data driven, with an abundance of AI-related discussion emerging within legal technology circles. The core Document Management Systems (DMS) and Practice Management Systems (PMS) remain the centre of focus for how and where to deploy a variety of rapidly maturing SaaS platforms, or dedicated, highly customised suites.

The Finance sector has always been one of the most dynamic, rapidly evolving industries, and this shows no signs of changing any time soon. But while shifts in the landscape may well open new opportunities, they will also come with new challenges, and it is the organisations who are ready and able to face these head-on who will continue to thrive in the years ahead.

 Ransomware is malware that encrypts an individual's files so that they no longer have access to them, and subsequently demand payment for the files to be released. Usually the payment is asked to be made in an untraceable cryptocurrency form, such as Bitcoin. The most common way ransomware ends up on an individual's computers is through email spam, which individuals will click on and open.

Unfortunately, the files cannot be decrypted without a mathematical key which is only known by the cyber attacker, and the reason why many individuals tend to pay up. However, many find that despite paying the ransom, their files remain encrypted.

When looking at which countries were affected by ransomware attacks the most, the UK was found to have the highest percentage out of Europe:

  Figure 1: Cybercrime Tactics and Techniques: Ransomware Retrospective Report, Malwarebytes

Despite the NHS facing one of the worst ransomware attacks in May 2017 - the WannaCry ransomware attack - which cost the NHS £92m and caused more than 19,000 appointments to be cancelled (The Department of Health), this chart clearly highlights how organisations in the UK still need to invest more into their Cyber Security solutions to stay protected from ransomware attacks.

At Exponential-e, we help organisations that have been affected by ransomware attacks. Our Head of Cyber Consultancy, Mark Belgrove, discusses a real-life cyber attack in the video below, and shares how Exponential-ehelped mediate the situation. 

Watch now.

Now more than ever, digital security is a team effort, with staff at all levels of an organisation having an active part to play in keeping critical business data safe. With the outbreak of COVID-19, and an unprecedented volume of staff working from home, robust security policies and systems are no longer enough - each and every member of staff must consider security as a fundamental part of their developing remote working routines.

But what can each of us personally do to ensure our organisations maintain their usual standards of security for the duration of this crisis, without letting such measures detract from our day-to-day work? Here are a few starting points… 

Ask!

As we've already mentioned several times in this post, if you are unsure about anything when it comes to data security, don't guess… ask the right person! In particular, your IT team will be more than happy to advise you about security best practice when home working, or alternatively, consider Exponential-e's Cyber Security Advisory service, which was created to provide a 'one stop shop' for any security-related concerns you may have.

In the meantime, download our Working from Home Checklist, which breaks down all the key elements of secure remote working.

In recent weeks, companies across the UK have found themselves transitioning to a remote workforce with little to no choice, despite the approach previously being treated as solely for limited or specific circumstances. There's no doubt that the rapid implementation of a whole new way of working presents considerable challenges, but as the Exponential-e teams who've partnered with organisations across a range of sectors to do so have demonstrated, it is very much achievable, provided you start with the right solutions in place.

In particular, consider the following…

Passwords are often more associated with individual and consumer cyber security, but they are an essential part of an organisation's overall security posture. For example, you wouldn't leave the windows open overnight as this would allow easy access into the building for thieves. In the same way, a weak password offers cyber attackers easy access to your corporate infrastructure, after which they can use these credentials to escalate permissions until they granted themselves administration privileges, at which point the risk of financial and reputational damage becomes truly serious!

The finance sector is required to have one of the most sophisticated cyber security postures in the world, with bureaus, banks, finance companies and insurers working closely with their technology partners to ensure sensitive financial data is managed, stored and transferred, with a stringent range of international security standards that must be adhered to at all times. However, cyber criminals have demonstrated repeatedly that they are constantly working to breach even the most sophisticated security ecosystems, devising new ways to exploit both technological vulnerabilities and human error.

In a heightened cyber threat landscape - where ransomware attacks are increasing in frequency and sophistication - and having weathered the challenges of COVID-19 and the resulting move to hybrid working, the Finance sector is still continually challenged to demonstrate to its customers that critical services will remain available no matter what, and that sensitive financial data will remain fully secure at all times.

The UK's Legal sector must contend with some of the most stringent compliance and data protection obligations in the current digital landscape. For many years, this has hindered the progress of digital transformation initiatives within firms, but in recent years, in order to meet the challenges of COVID-19, many firms have seized the opportunity to modernise cumbersome legacy systems and develop cutting-edge IT infrastructure that enables their staff to work more flexibly.

In spite of the ongoing evolution of cyber security processes and technology, human error is still responsible for 95% of data breaches¹. Phishing attacks alone represent a particularly insidious risk, with 91% of organisations experiencing a successful attack in 2021 alone_².

In light of recent geopolitical events, and the increased threat to corporate infrastructure, organisations across the UK must assume that they will be forced to contend with a cyber-attack in the near future and prepare accordingly. Indeed, the NCSC has already set out its own guidance to help organisations bolster their defences, which we strongly advise you to read and implement.

For some years now, Cloud adoption has been steadily on the rise across the UK's Finance sector, with organisations including banks, insurers, and investment firms phasing out increasingly cumbersome legacy systems in favour of more scalable, agile, and cost-effective infrastructure. Indeed, more than 48% of UK banking services are now built on Cloud infrastructure.

Retailers - be they small local shops, online sellers, or top global brands - generate, transfer, and store more data than ever before, ranging from customer data (both online and in-store, as we have considered in previous articles), to supply chain and asset tracking data. Whether it's shopping online or utilising in-store apps to access the latest savings and special offers, the way customers shop has fundamentally changed forever, with the data they generate online and in person allowing retailers to build up unique personas that drive truly bespoke experiences.

Manufacturing workflows are evolving at an unprecedented rate, and the trend shows no signs of slowing down. The increasing effectiveness and affordability of 'smart' technologies and the Internet of Things means IT and OT are increasingly interconnected, with increasing volumes of data flowing between sites and devices on an ongoing basis.

Like many fixtures of our lives, Britain's pubs were heavily impacted by COVID-19, with their familiar patrons unable to come in for a post-work drink, or meet with friends at the weekend. But while it was undoubtedly a difficult period for the industry as a whole, this great British institution did as it has always done, and adapted to suit its patrons' evolving requirements.

The Retail sector is more diverse, dynamic, and rapidly changing than any other time in its history. This not only encompasses the way customers make their purchases – with online shopping, click-and-collect, and in-person shopping all converging to offer true, end-to-end experiences – but also the way retailers open and operate new sites. Whether this means trendy pop-up shops, kiosks at other brands' locations, or booths at events, retailers from up-and-coming start-ups to global leaders are no longer relying on fixed high-street locations to welcome their customers and put their wares on display, instead making sure they are present wherever their ideal customers are, and fully prepared to offer a world-class experience that builds brand recognition and loyalty.