Q3 2025

SMEs Need Robust Security Infrastructure to Support the National Ransomware Payment Ban, Says Espria

In light of the proposed national ransomware payment ban across public sector services, leading technology solutions provider Espria urges UK businesses to shore up security to mitigate the risk of cyberattacks.

The UK government is set to crack down on ransomware with proposed measures to ban the NHS, local councils, schools and other critical services from paying ransoms to cybercriminals. Following a public consultation that saw nearly 75% of respondents support the proposal, the new measures will also require private sector businesses to formally report all attacks and notify the government of any intent to pay a ransom.

Designed to dismantle the business model that fuels cybercrime by making the UK's vital public services an unprofitable target for attack, these new measures will lead the way in tackling ransomware, bolstering national security and protecting key services and businesses from disruption.

According to Brian Sibley, Virtual CTO at Espria, whilst this move is seen as a good thing in signalling to malicious cyber actors that UK businesses aren’t willing to pay ransom demands, “Businesses must support this by doing everything possible to employ robust security strategies, including staff training across their organisation.”

“Cutting off the ransom ‘business model’ targets the heart of the issue, as highlighted by the overwhelming public support and widespread news coverage, including recent ‘Panorama’ investigations into the devastating impact of these attacks. Nevertheless, you need to prevent an attack rather than waiting for it to happen, as consistently warned by the National Cyber Security Centre, advocating prevention over payment. Businesses shouldn’t wait to become a victim before acting.
“It is crucial to invest in robust systems and specialist cyber security staff training across your organisation to ensure security, alongside regular, detailed threat assessments. This is true for both large institutions and SMEs; regardless of the available budget, it is a necessary routine to follow. Even the most established organisations can be disrupted overnight by ransomware attacks, with reputational and legal repercussions lasting months after.”

Sibley continues, “We are already seeing indications that cyber insurance is the new prerequisite for compliance, with insurance underwriters acting almost as regulators for cybersecurity. Adopting recognised frameworks like Cyber Essentials and Cyber Essentials Plus, and enabling compliance with ISO 27001, is a practical way for business leaders to demonstrate they’re taking the right steps.

“If businesses are forewarned with proactive security monitoring tools of any threats or gaps in their cyber defences, they are better able to protect themselves from an attack and subsequent breach. For smaller businesses, this means relying on your managed services partner rather than an in-house security expert, but this can be more beneficial as an MSP can access a wider range of security expertise for integrated, all-encompassing and up-to-date technology offerings. Ensuring your recovery plans are in place and tested, including immutable backups, can ensure your business doesn’t crash entirely following an attack.”

Sibley concludes, “Ultimately, however, all organisations, whatever their size, still have a greater responsibility to ensure that their security posture is up to scratch. In today’s threat landscape, waiting for an attack isn’t an option. Every organisation must do everything it can to stay resilient and secure.”
