Ransomware is the most significant cybersecurity threat facing organizations ranging from critical national infrastructure providers and large enterprises to schools and local businesses – but it’s a threat which can be countered.
Speaking at the Chatham House 2021 cyber conference, Lindy Cameron, CEO of the UK’s National Cyber Security Centre (NCSC), warned about several cybersecurity threats facing the world today, including supply chain attacks, the threat of cyber espionage and cyber aggression by hostile nation-states, and cybersecurity exploits and vulnerabilities being sold to whoever wants to buy them.
But it’s ransomware which is “the most immediate danger to UK businesses and most other organizations,” said Cameron, who warned that many businesses are leaving themselves vulnerable because “many have no incident response plans, or test their cyber defenses.”
Drawing on examples of high-profile ransomware attacks around the world including the Colonial Pipeline ransomware attack, the ransomware attack against Ireland’s Health Service Executive and those closer to home like the ransomware attack against Hackney Council, Cameron detailed the “real world impact” that these cyber attacks have had over the last year as cyber criminals encrypt networks and attempt to demand ransom payments of millions for the decryption key.
And one of the reasons why ransomware is still so successful is because some victims of the attacks will pay the ransom, perceiving it to be the best way to restore the network as quickly as possible – despite warnings not to pay.
“We expect ransomware will continue to be an attractive route for criminals as long as organizations remain vulnerable and continue to pay. We have been clear that paying ransoms emboldens these criminal groups – and it also does not guarantee your data will be returned intact, or indeed returned at all,” said Cameron, who also detailed how many ransomware groups are now stealing data and threatening to leak it if the ransom isn’t paid.
In recent months, the impact of ransomware has become so great that world leaders have discussed it at international summits.
“We should not view ransomware as a risk we have to live with and can’t do anything about. We’ve seen this issue become a leader level G7 topic of conversation this year. Governments have a role to play, and we are playing our part.
“We are redoubling our efforts to clamp down and deter this pernicious and spreading crime, standing firm with our global counterparts and doing our best to turn this into a crime that does not pay,” she added.
But while governments, law enforcement and international bodies have a role to play in helping to fight back against ransomware attacks, businesses and other organizations can also examine their own defenses and what plans they have in place, should they become the victim of a ransomware attack.
“But victims have agency here too. Do you know what you would do if this happened to you? Have you rehearsed it? Have you taken steps to ensure your systems are the hardest target in your market or sector to compromise? If you would be willing to pay a ransom, are you comfortable that you are investing enough to stop that conversation ever happening in the first place?” said Cameron.
Actions like applying security patches and updates promptly and using multi-factor authentication can help protect networks from cyber attacks – and the NCSC has published much advice on how businesses can help protect their networks, stressing that cyber security must be a board-level issue.
“One of the key things I have learnt in my time as NCSC CEO is that many – in fact the vast majority – of these high-profile cyber incidents can be prevented by following actionable steps that dramatically improve an organization’s cyber resilience,” said Cameron.
“Responsibility for understanding cyber security risks does not start and end with the IT department. Chief executives and boards also have a crucial role to play. No chief exec would get away with saying they don’t need to understand legal risk because they have a general counsel. The same should be true of cyber risk.”
Danny Palmer | October 11, 2021