Daz Preuss, Chief Operating Officer, UK, at CybExer, looks at the potential evolution of ransomware attacks and how to train cybersecurity teams to combat them.

Depending on which data you review and trust, ransomware attacks either declined or reached record levels in 2024. The truth, as is often the case, may well lie somewhere in between. What is clear, however, is that governments are increasingly exploring new approaches to countering the threat of ransomware and cybercrime.

Late last year, the US government focused on reforms to cyber insurance policies as a potential avenue for disrupting ransomware networks. The then deputy national security advisor for cyber and emerging technologies, Anne Neuberger, told the Financial Times that many of the insurance policies covering reimbursement in the case of ransomware are inadvertently feeding the criminal ecosystems they are designed to disrupt.

“We don’t negotiate with (cyber) terrorists”

It was proposed that preventing cyber insurance companies from reimbursing companies hit by ransomware attacks could in fact help break the cycle. More recently, the UK government has mooted a similar approach, with proposals to protect UK businesses and critical national infrastructure by banning ransomware payments.

The thinking is that, in time, this will deter cybercriminals from targeting such organisations or networks if they know that payment will not be forthcoming. When it announced that it was considering these proposals, the UK government revealed that the National Crime Agency managed 13 ransomware incidents between September 2023 and August 2024 that it categorised as posing “serious harm to essential services or the wider economy.”

Regardless of what regulators propose and what they may eventually adopt, however, there are a number of things businesses should be doing to make sure they never reach the point where a ban on payment becomes relevant.

The key to keeping ransomware at bay

The key when it comes to ransomware is to think about deterrence, and specifically how to create deterrence against perpetrators. While banning ransomware payments may be one solution, another is forcing cybercriminals to work much harder for their attacks to succeed. That means ensuring that employees become a vital first line of defence at businesses.

Bad actors undoubtedly see the human element as the weakest link in organisations, and statistics show that the majority of breaches involve some sort of human element. However, with the right education and training in place, organisations can flip this statistic on its head.

This means that actively promoting cybersecurity awareness and educating employees is vital for businesses to achieve and maintain strong organisational cyber resilience. Practical training reduces the risk of employees misunderstanding key concepts, and it also helps organisations implement best practices for robust security measures and ensure regulatory compliance to a much higher standard.

What’s more, cybersecurity training should be ongoing, not a one-time event. Organisations should conduct regular training sessions, at least quarterly, to ensure that employees stay updated on emerging threats and retain the skills they learn. 

Better ransomware training 

Some of the most effective training methods involve simulating cyberattacks and ransomware threats in real time. These practical, scenario-based exercises reinforce critical thinking, teamwork and decision-making under pressure, while also helping organisations measure preparedness and identify gaps in knowledge or processes.

Ultimately, the key is to make training engaging and relevant to each employee’s role, empowering them to be confident in recognising and responding to potential cyber threats. By combining regular training with advanced defensive tools, organisations can transform the human element at a business from a potential liability into a robust line of defence. 

The other important consideration for businesses arming themselves against ransomware is that, even after they have taken every precaution and proactive preparedness step available to them, it remains extremely difficult to protect everything at all times.

This means prioritisation is vital, which in turn means identifying the company’s ‘crown jewels’, where they sit and which of them matter most, and making sure those have the most robust protection in place. In practice this likely means segregating critical core systems from general business systems.

Preparing for the future 

While banning ransomware payments to disincentivise attackers may have its merits, the flip side is that losing visibility into payment flows will make it harder to detect, analyse and prevent future incidents. This means there is a clear need for balance between regulatory enforcement and intelligence gathering.

However, while strengthening forensic capabilities may be one avenue for mitigating future ransomware threats, the only way to ensure an organisation’s security in this environment comes back to developing the preparedness to respond to these attacks. That means conducting regular cyber exercises and training programmes to ensure employees are up to date with the latest trends, threats and tactics.
