The Cyber Resilience Centre for Wales (WCRC) predicts businesses across Wales will come under increasing threat from ransomware attacks as cybercriminals continue with this lucrative business model, and attacks becoming more sophisticated.
Detective Superintendent and Director of the WCRC Paul Peters, said: “This is a danger we have seen continue to grow over the course of 2021. Falling victim to this type of malicious software prevents businesses accessing their data, which can be crippling. But cybercriminals are also stealing data before encrypting, then threatening to release it giving them greater leverage when demanding payment of a ransom.”
The WCRC was set up in April this year as part of a network of centres across the UK to provide businesses and organisations with an affordable way to access cyber security services and guidance through membership to help protect themselves from attack. Since it launched more and more SMEs in the region are recognising the importance of being cyber resilient, with the centre recently passing the 200th-member mark.
“I’m really pleased with the progress we are making but, in particular, the number of businesses we have managed to engage with. We have been focusing on SMEs, micro businesses and the third sector, and over three quarters of our members fall into these categories. Yet we can’t rest on our laurels, as there are many organisations out there that are leaving themselves vulnerable and our goal is to help them to protect themselves,” Paul continues.
“Although ransomware is the biggest threat, phishing is another risk and here at the centre we are hearing more and more reports of these types of emails becoming increasingly sophisticated. They appear to be more genuine and so more difficult to identify. Phishing emails are often the method used for delivering ransomware and other malware, but also can lead to business email compromise or other types of fraud.
“One of our members recently reported receiving a Welsh language phishing email, and another has had a targeted phishing email that appears to be from a recruitment company with some enticing job opportunities. So, as we enter the new year it continues to be crucial that we raise awareness of how to identify these emails and not fall victim to them.”
Paul recommends that by having a robust backup procedure in place, strong passwords with Two Factor authentication, and a strategy to raise awareness amongst staff, businesses and other organisations can significantly reduce the likelihood of falling victim to attacks.
“Many cybercriminals have recognised the advantage of approaching their victim through their supply chains, this year we have seen a number of these types of attack. For example, the July attack on US software solutions provider Kaseya. But don’t be fooled into thinking this only happens to the big companies, it also affects SMEs, micro businesses and charities here in Wales.
“In 2022 it will become increasing important that entire supply chains ensure they are not the cyber security weak link. In order to do this, businesses need to focus on raising their staff awareness so they can recognise a phishing attack as well as instigating basic cyber security measures,” concludes Paul.
