The UK’s response to security breaches has astounded experts, with low figures for incident response plans and reporting to authorities. Only 22% of businesses have a formal incident response plan, and only 10% report the most disruptive breaches to the police. Small and micro businesses have lower response rates compared to medium and large businesses. The decline in awareness of security initiatives and willingness to seek support is also a concern. The average cost of a security breach is £1,206, but breaches resulting in data theft can cost up to £40,400 for medium and large businesses. Phishing is the most common type of cybercrime affecting UK businesses.
According to a study by Sophos, 94% of companies hit by ransomware in the past year had their backups targeted by cybercriminals. Attackers are increasingly compromising backups along with production data to put pressure on victims to pay the ransom. The study also found that organizations with compromised backups paid eight times more for recovery efforts and were 63% more likely to have their data encrypted by attackers. State and local governments, as well as the media, leisure, and entertainment sectors, were the most at risk of having their backups targeted during ransomware attacks.
Why do we care?
I’m struck by those low preparedness numbers. Is it a massive opportunity? Do customers not care? Or both? Every security vendor wants you to buy their product and solve all your problems. Instead, know we’re dealing with a people problem – process and procedure will beat the product.
The findings from the Sophos study highlight a critical evolution in the tactics of cybercriminals, specifically their focus on targeting backups along with primary data during ransomware attacks. This strategy undermines one of the key defenses against ransomware: the ability to restore data from backups without paying the ransom. The fact that compromised backups result in significantly higher recovery costs and a higher likelihood of data encryption emphasizes the need for organizations to enhance the security of their backup solutions and consider multi-layered defense strategies that protect against such sophisticated attacks.
