How to avoid being held to ransom

Head of Incident Response, BAE Systems Applied Intelligence
Ransomware is one of the biggest online security threats to organisations around the world. Our head of incident response, Andy Snowball, says effective preparation and the capability to respond quickly are vital.
As we’ve all learned over the past 18 months or so, life is unpredictable. Things change. Time, processes and technology evolve. What worked once may no longer be applicable – particularly in the midst of a pandemic.
 
But embracing the unexpected is one thing; failing to prepare for what is foreseeable is quite another. Take ransomware, for example. This is where hackers encrypt data and demand payment for it to be restored.
 
Financial services organisations are particularly vulnerable as they tend to have a large number of legacy systems that are difficult to monitor – which can make it easier for a ransomware attack to occur if the attacker is able to gain access to these systems.
 
Such attacks are becoming so prevalent that we can now say with some certainty that every financial services organisation on the planet is likely to experience an attack of some sort at some point. It’s unavoidable.
 
And look, I know I would say that. I head up incident response at BAE Systems. It’s my job to go out and examine attacks and persuade companies to focus more on their cyber defences. I get it. But fortunately, you don’t have to take my word for it.
 

Ransomware on the radar

Just recently the United States and European governments announced that they will be working more closely together to help repel ransomware attacks across both their territories. Their new working group will seek to raise public awareness of how to protect networks, while also highlighting the risk of paying the criminals responsible.
 
And here in the UK, too, the threat is intensifying. Lindy Cameron, chief executive of the National Cyber Security Centre, warned in a recent speech that ransomware represents the biggest threat to online security for most people and businesses across the country.
 
Such comments reflect the findings of our report with RUSI, which found that a surge in ransomware attacks is “spiralling out of control.” Our tracking of the threat shows that at present, there are approximately 40 new victims of this mode of ransomware attack each week, showing that the threat is not going away.
 
So, with the circling threat of ransomware attackers now a constant feature of the business and financial services landscape, it is incumbent on all organisations – large and small – to be prepared. And that means having an effective incident response plan in place.
 

Putting it into practice

Unfortunately, it’s easier said than done. Responding is not a tick-box exercise – there is no checklist that you must go through, and every single incident brings its own challenges.
 
There are a number of things an organisation can do to prepare itself as well as possible. These range from having experts on standby, to understanding your estate’s critical data and systems and what needs to be done to protect them, to practising what to do in the event of an attack.
 
This is particularly important as repetition develops organisational muscle memory. If a security team gets a phone call at 3am on a Sunday morning, they don’t have time to scramble for copies of plans and processes. There are also a lot of moving parts – it’s not just a technical response; it involves the entire organisation and each department has a role to play. 
 
Practice also allows an organisation to test the process and refine it. As organisations and threats develop, the plan and process have to change accordingly and be tested to make sure they are fit for purpose – and that’s where BAE Systems can come in.
 

Rapid response

As ransomware has risen up the agenda in recent years, we have been increasingly supporting organisations in their preparations and responses to attacks. Within hours of a call to our 24/7 incident hotline, we respond with remote support from one of our centres of excellence in the UK, Australia and Malaysia. We will also rapidly deploy our expert personnel to your site if needed, supported by BAE Systems offices and infrastructure around the globe.
 
These services combine our technical skills with strategic guidance to ensure your organisation makes the right decisions at the right times to minimise the impact of the attack. Our teams will work together to provide unparalleled visibility of what happened in an attack, and to highlight vulnerabilities that may have played a role in the incident. And if a breach of security has already made the headlines or attracted regulator attention, then our team can help you manage internal and external stakeholders, as well as the press.
 
It all comes down to creating a response which reduces costs and helps mitigate the risk. That’s the bottom line – and it’s one that any company can ill afford to ignore.
 

About the author
Andy Snowball is Head of Incident Response at BAE Systems Applied Intelligence
Andy Snowball Head of Incident Response, BAE Systems Applied Intelligence 28 October 2021