Ransomware attacks can’t be eliminated, but collaboration can increase resilience
Ransomware remains one of the most disruptive and costly cyber threats facing businesses and public sector organizations. In June 2024, a ransomware attack on Synnovis, an NHS laboratory services provider, resulted in £32.7 million in damages – over seven times its annual profits. This incident caused widespread disruption to medical procedures across London hospitals, further reinforcing the real-world consequences of such attacks.
This is just one example of the many high-profile incidents that have occurred over the years, despite successful efforts by the UK Government and its allies to use various tools to disrupt and counter the operations of ransomware gangs.
One tool under consideration by the UK Government is extending a ban on ransom payments beyond central government to all public sector bodies and Critical National Infrastructure (CNI) operators.
The aim is clear: reducing the financial incentives that sustain ransomware operations. While disrupting the revenue stream for cybercriminals is a logical step, it raises a critical question: will this make the public sector and CNI more resilient?
Chief Cyber Security Strategist at Risk Ledger.
The pitfalls of paying ransom
While paying a ransom may seem an appealing way to quickly recover your operations, it is a risky gamble. There is no guarantee that cybercriminals will restore access to systems, refrain from selling your stolen data, or not re-exploit the organization. Furthermore, organizations risk making payments to a sanctioned entity that may have obfuscated its affiliation.
If public sector organizations are stripped of the option to pay, they need to be equipped with the resources to defend against and recover from attacks. That might require additional funding to bolster security and resilience programs, timely access to specialist expertise, and the use of real-world threat intelligence to guide decisions. The NHS, for example, presents a particularly complex challenge – could a blanket ban on payments be maintained in cases where a ransomware attack might impact public safety?
Additionally, if ransom payments become increasingly banned, they may be excluded from cyber insurance coverage. Organizations could face steeper premiums as insurers adjust for potentially increased recovery costs. Forensic investigations, system rebuilds, and operational downtime might exceed the cost of a ransom demand.
The supply chain dimension of ransomware attacks
Comprehensive supply chain security should be a critical part of an organization’s resilience strategy. Even if an organization has strong cybersecurity defenses, it is still vulnerable if its suppliers do not.
The government is weighing up whether to extend ransom payment prohibitions to critical suppliers of public sector bodies and CNI. If suppliers fall victim to ransomware, how confident can organizations be that those suppliers can recover quickly without paying?
A ransomware attack on a critical supplier can trigger a domino effect. Many businesses lack visibility into these hidden dependencies, only realizing their exposure when a disruption occurs. A single compromised supplier could paralyze multiple organizations downstream, causing widespread outages and significant business challenges.
Without clear visibility of supply chain risks, businesses can only prepare for a limited range of scenarios. They are unable to identify and prepare for risks arising from dependencies at the fourth-party level and beyond, i.e. subcontractors and suppliers' suppliers.
Industry-wide collaboration can increase resilience
Regardless of whether ransom payments get banned, the key to enhancing operational resilience to ransomware attacks lies in proactive, collaborative defense. When businesses share information about suppliers, they may spot risks that a single company might miss on its own. By exchanging timely insights, organizations can detect and respond to emerging threats before they escalate into serious incidents.
Mapping out these connections helps reveal concentration risks, where an attack on one supplier could cause widespread damage. Organizations may then initiate discussions with the suppliers concerned about their ability to recover from a ransomware attack without the option of paying a ransom.
Additionally, taking a broad view across the industry enables organizations to make informed decisions about their overall supplier base. This may include whether to diversify their set of suppliers to reduce concentration risks or to introduce additional controls that reduce exposure to ransomware attacks.
Organizations can better prepare for additional risk scenarios that are only illuminated after consolidating supply chain information with their peers and seeing a comprehensive and holistic view of their supply chain. While many businesses recognize that a supplier might be the limiting factor in their overall security, it is imperative for them to understand that this potential limiting factor may be beyond their current visibility.
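As an added illustration of the mapping described above (not code from the article or from Risk Ledger), the following Python script shows how pooling several organizations' supply chain maps exposes concentration points and fourth-party dependencies that no single map reveals. The organizations, suppliers and edges are constructed sample data; tier 1 denotes a direct supplier (third party), tier 2 a supplier's supplier (fourth party), and so on.

```python
from collections import defaultdict, deque

# Constructed sample data (not from the article): each organization's own map of its
# supply chain as (dependent, supplier) pairs. An organization typically knows its
# direct suppliers plus whatever those suppliers disclosed about their own suppliers.
# Tier 1 = direct supplier (third party), tier 2 = supplier's supplier (fourth party),
# tier 3 and beyond = further subcontractors.
ORG_VIEWS = {
    "trust_a": [("trust_a", "lab_x"), ("lab_x", "hosting_y")],
    "trust_b": [("trust_b", "pathology_z"), ("pathology_z", "hosting_y")],
    # council_c did deeper due diligence and learned that hosting_y itself
    # relies on a single power-management contractor.
    "council_c": [("council_c", "payroll_w"), ("payroll_w", "hosting_y"),
                  ("hosting_y", "power_v")],
}
ORGS = list(ORG_VIEWS)


def merge_views(views):
    """Union the per-organization edge lists into one dependency graph."""
    graph = defaultdict(set)
    for edges in views.values():
        for dependent, supplier in edges:
            graph[dependent].add(supplier)
    return graph


def reachable_suppliers(graph, org):
    """Breadth-first walk from org; returns {supplier: tier} for every supplier
    the organization transitively depends on (tier 1 = direct supplier)."""
    tiers = {}
    queue = deque([(org, 0)])
    while queue:
        node, depth = queue.popleft()
        for supplier in graph.get(node, ()):
            if supplier not in tiers:  # first visit is the shortest path; also guards cycles
                tiers[supplier] = depth + 1
                queue.append((supplier, depth + 1))
    return tiers


def concentration_report(graph, orgs):
    """Map each supplier to the set of organizations that depend on it at any tier."""
    exposure = defaultdict(set)
    for org in orgs:
        for supplier in reachable_suppliers(graph, org):
            exposure[supplier].add(org)
    return exposure


def concentration_points(graph, orgs, threshold=2):
    """Suppliers whose outage would hit at least `threshold` organizations,
    sorted by supplier name, each with the affected organizations listed."""
    report = concentration_report(graph, orgs)
    return sorted((supplier, sorted(dependents))
                  for supplier, dependents in report.items()
                  if len(dependents) >= threshold)


if __name__ == "__main__":
    # Siloed view: trust_a only has its own map and sees no concentration risk.
    own = merge_views({"trust_a": ORG_VIEWS["trust_a"]})
    print("trust_a alone:", reachable_suppliers(own, "trust_a"),
          concentration_points(own, ["trust_a"]))
    # Pooled view: the shared hosting provider and its sole power contractor
    # surface as concentration points shared by all three organizations.
    pooled = merge_views(ORG_VIEWS)
    print("trust_a pooled:", reachable_suppliers(pooled, "trust_a"))
    for supplier, dependents in concentration_points(pooled, ORGS):
        print(f"{supplier}: {len(dependents)} dependents -> {dependents}")
```

On its own map, trust_a sees only lab_x and hosting_y and flags nothing. Once the three maps are pooled, hosting_y appears as a dependency shared by every organization, and power_v, which trust_a never disclosed or discovered, shows up at tier 3. Those are the suppliers whose recovery capability without a ransom payment merits the first conversation.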
Banning ransom payments may remove some of the financial incentives for cybercriminals, but it won’t make ransomware disappear. However, organizations are right to scrutinize their suppliers’ ability to resume operations without paying a ransom. Therefore, the real challenge lies in building organizational resilience – and that requires a shift in mindset.
Businesses must move beyond siloed thinking and treat cybersecurity as a shared responsibility. Only by working collaboratively with peers, suppliers, and regulators, and by broadening visibility across the supply chain to identify and address potential risks, can we reduce the impact of ransomware and make it a less viable business model for criminals.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro