On the morning of 12th September 2024, the UK Health Secretary, Wes Streeting, pinpointed three 'big shifts' that would be required to transform the NHS:
Organisations' demands of their IT infrastructure continue to evolve at an unprecedented rate, with the drive for growth and innovation needing to be balanced against the need to maintain cost control, visibility, and - crucially, cyber security. Numerous solutions have emerged in response to these challenges, but one of the most pivotal questions organisations must answer is whether to host their critical data and applications on-site, or in the Cloud.
Let's explore the respective advantages and disadvantages of both approaches, and then consider whether the increasing sophistication of modern workloads demand a new approach...
Although the rise in money criminals have generated through ransomware has risen by what may appear to be a small percentage amount (approximately 2% from US $449.1 million to US $459.8 million), this is in spite of disruption caused to ransomware-as-a-service operations such as LockBit and ALPHV/BlackCat by law enforcement agencies.
The figures for the first half of 2024 include the US $75 million reportedly paid to the Dark Angels ransomware gang by an undisclosed Fortune 50 company, in what was believed to be the largest ever single ransom payment made since records began.
The ballooning size of maximum ransom payments represents a 96% year-on-year growth from 2023, and a 335% increase from the maximum payment made in 2022.
Chainalysis's research reveals that the median ransom payment made in response to the most severe ransomware has rocketed from just under US $200,000 in early 2023 to US $1.5 million by mid-June 2024.
The researchers believe that this 7.9x increase in the typical size of ransom payment (a nearly 1200x rise since the start of 2021) suggests that larger businesses and critical infrastructure providers considered more likely to agree to make higher payments due to their greater access to funds and the more significant impact of downtime.
Against this backdrop, the study claims that ransomware victims are giving in to extortion demands less often. As it explains:
Posts to ransomware leak sites as a measure of ransomware incidents have increased YoY by 10%, something we would expect to see if more victims were being compromised. However, total ransomware payment events as measured on-chain have declined YoY by 27.29%. Reading these two trends in tandem suggests that while attacks might be up so far this year, payment rates are down YoY. This is a positive sign for the ecosystem signalling that perhaps victims are better prepared, negating the need to pay.
In short, ensuring that your organisation had prepared to respond to a ransomware attack is essential.
Many organisations underestimate the importance of having a robust incident response plan. But knowing how to respond, especially in those critical first 48 hours after a cyber attack, can be critical.
Do you worry your company won't know how to recover after a cyber attack? Has your business just been hit by ransomware and you're wondering what to do?
There's still hope.
Don't make the mistake of believing that your organisation will never be targeted. The right approach is to take proactive measures in advance - as it's not a case of whether your business will suffer the likes of a ransomware attack but when.
Make sure to read Exponential-e's step-by-step guide on ransomware remediation.
Digital transformation continues to pick up pace across the financial sector. However, in spite of the potential benefits on offer, many insurance firms continue to lag behind their peers in terms of their overall digital maturity.
Now more than ever, organisations across the public and private sectors depend on seamless, secure, and high-quality communications. Even with an increasing range of channels having established themselves in recent years - including voice, email, video, and SMS - voice services remain a key part of how we communicate and collaborate.
What's happened?
Recorded Future has reports that the British Government is proposing sweeping change in its approach to ransomware attacks.
Tandem is 'The Good Green Bank', a fully regulated digital app‐based bank founded on the idea of putting customers' needs first whilst helping them save more than just their money by pushing for a sustainable future. The acquisition of green lender Allium in 2020, an established green homes lender, accelerated Tandem's mission into the green space. Tandem offers savings, mortgages, and loans to help customers green their properties, and eventually their lives.
The key driver behind Tandem's ongoing digital transformation was earning a full banking license in 2018 - something that had been a core focus of their infrastructure's evolution. This meant their infrastructure would need to fulfil all legal and compliance obligations around the handling of financial data, and also demonstrate the highest standard of operational resilience.
At the time, Tandem's IT and telephony infrastructure was hosted at various separate data centres, while their banking application was hosted on AWS services, and a separate site set aside for workplace recovery. Although multiple sites were involved here, the whole network depended on the London office, creating a single point of failure.
After a comprehensive evaluation of various suppliers, Tandem engaged with Exponential‐e to ensure these critical elements could be securely interconnected in order to maximise performance and scalability and ensure all requirements for full bank status were achieved. Exponential‐e's deep experience in the financial sector was critical here, providing Tandem with complete confidence that the partnership would provide a positive contribution to their journey.
The networking solution delivered by Exponential‐e interconnected all Tandem sites via a high-performance WAN - a fully managed low‐latency solution that ensured consistent performance across all sites. This was implemented by a dedicated Exponential‐e account team, who project managed every stage of the deployment to ensure there would be no service disruption and that Tandem's long-term goals remained the primary focus throughout the deployment and beyond.
Critically, this fulfilled all compliance requirements regarding the handling and storage of financial data, while ensuring Tandem's teams would have the right tools at their fingertips at all times. To ensure a disruption free migration process, secure connections were created between Exponential-e's self‐owned network and Tandem's AWS services, allowing for a successful consolidation of the different elements of their infrastructure, and providing IT teams with a higher level of control and visibility.
As the partnership between Tandem and Exponential‐e evolved, a combination of a Virtual Private Network (VPN) and Office 365 was established as the ideal combination of solutions to further optimise Tandem's overall efficiency and enable effortless collaboration between their various teams, regardless of where they were located, with security policies applied automatically and role‐based segregation opening up a wide range of opportunities for remote working.
Throughout 2020, when the COVID‐19 pandemic forced organisations worldwide to rapidly transition to a remote workforce, the inherent flexibility and scalability of Tandem's infrastructure and a robust business continuity plan showed its true worth, as the entire workforce were able to begin working remotely with minimal disruption to day‐to‐day operations, and no compromise in terms of security and compliance. This option had already been utilised on an ad‐hoc basis by Tandem's engineers, but a scenario where it would need to be utilised on a company‐wide basis had been considered and factored into the business continuity plan, with tests taking place to ensure such measures would be viable, should they ever be needed.
In this way, Tandem has demonstrated how the right infrastructure, with the support of the right technology partner, provides organisations in even the most challenging sectors with the agility to pivot in response to unexpected, large‐scale shifts in the digital landscape. Tandem's long‐term digital transformation continues, with plans in place to bring its core banking suite in house and into the Cloud, for a further layer of control and flexibility.
Reduce complexity, increase speed and reliability
Exponential-e is a trusted technology partner for organisations across the Finance sector, offering innovative solutions that drive security, compliance and optimal performance at all levels.
Find out more in our Finance Brochure.
Do you know Dmitry Yuryevich Khoroshev?
If you do, there's a chance that you might well on the way to receiving a reward of up to $10 million.
Law enforcement agencies across the US, UK, and Australia have named Dmitry Yuryevich Khoroshev as the mastermind behind the notorious LockBit ransomware group, estimated to have extorted $500 million from companies worldwide.
To Test or Not to Test? - When it comes to IT disaster recovery and remediation processes, regular testing is not a 'nice to have' - it's absolutely essential!
This isn't hyperbole on my part. You just have to look at the news on any given day. We've all heard the horror stories of organisations in both the public and private sectors experiencing prolonged downtime during disasters due to inadequate preparation, lack of testing, and the unsuitability of their legacy remediation processes and systems.
The international hotel chain Omni Hotels & Resorts has confirmed that a cyberattack last month saw it shut down its systems, with hackers stealing personal information about its customers.
In the aftermath of the attack, hotel guests reported that they had been forced to check in on paper, that room keys didn't work, and all phone systems and Wi-Fi were offline.
Dev Ops Consultant at Exponential-e, Alistair Doran, write for 'Tech Native', discussing Software engineering and the cultural changes needed to move to a digital first economy. Read the article Read the article
Paulo Henriques, Head of Cyber Security Operations at Exponential-e, writes for 'Global Banking and Finance', discussing the cyber security steps businesses should take to mitigate the risk of botnets. Read the article Read the article
Chief Innovation office at Exponential-e, Jonathan Bridges, speaks to 'Intelligent Ciso' about the importance of having a robust cyber security plan in place and the steps businesses should take to achieve this, such as military-grade cyber security solutions to mitigate the threat of ransomware attacks. Read the article
Tom Richardson, Cloud Sales Specialist for Media at Exponential-e, speaks to Technology Dispatch about the importance of protecting sensitive data by ensuring the correct protocols are in place and training for staff at all levels is prioritised to mitigate these cyber risks. Read more here
