The UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) have published a whitepaper on the evolution of ransomware-as-a-service (RaaS) and the cybercriminal ecosystem. The report highlights that responding to ransomware attacks need not be complex or expensive. Organizations can protect themselves by handling cyber hygiene issues such as prompt patching, strong password protection, and multifactor authentication. The report also reveals that many victims are chosen opportunistically and not specifically targeted and that poor cyber hygiene is often the root cause of successful ransomware attacks.
A Techaisle survey found that while many SMBs are aware of the threat of cyber attacks, a significant portion do not consider it a critical issue. One-third of them are unconcerned about cybersecurity. Core and upper midmarket businesses take a more proactive view of these issues, with two-thirds viewing cyber attacks as either their most critical IT issue or a top-three business issue. Nearly 30% of small businesses and roughly half of core and upper midmarket firms have implemented a cyber resilience solution. Small businesses, in particular, are less likely to see cyber threats as a top IT or business issue. However, this may be due to their less mature IT operations and other daily business challenges. However, most core and upper midmarket businesses view cyber attacks as critical IT issues or top-three business issues, with over 80% focused on establishing effective cyber defenses.
Why do we care?
There’s such an interesting disconnect here. Cybersecurity doesn’t have to be nearly as confusing and challenging as the industry makes it out to be, and even with the risks, a number of customers don’t care. Perhaps it’s the overt complexity itself that’s the problem.
The industry is all in on cybersecurity. But maybe less is more. Do the basics really, really well. That seems to be the most valuable version of the service.