The Royal Mail ransomware attack left packages in limbo, and the organisation scrambling. We’ve found out what happened, and why this is important for businesses.
What happened to Royal Mail?
In January, Royal Mail was targeted by a ransomware attack, where their files and data were encrypted by the hacking group LockBit. This meant that Royal Mail were unable to access their data. Negotiations were started with LockBit; however, Royal Mail refused to pay the amount requested by the group to have their access to their files restored, calling the price ‘absurd’. As a result, overseas deliveries were halted and only resumed at the end of February. LockBit claimed to publish the stolen data online a couple of days later.
Why is this important for businesses?
The Royal Mail ransomware attack isn’t just important for businesses to be aware of when they ship and receive products internationally; it’s also important for businesses to think about their cyber security. The ransomware incidents that hit the news are often targeted attacks, with huge industries and organisations as the victims; the NHS and North East Universities, for example.
However, the majority of cyber attacks target small to medium enterprises (SMEs). This 2022 report found that, ‘An average employee of a small business with less than 100 employees will receive 350% more social engineering attacks than an employee of a larger enterprise’. The report also found that 51% of these social engineering attacks involved phishing, where malware infected links were used to gain access to victims machines and operations.
What should businesses do about cyber attacks?
Businesses shouldn’t wait until a cyber attack happens; they should expect it to happen. According to the report from Barracuda, ‘SMBs are an attractive target for cybercriminals because collectively they have a substantial economic value and often lack security resources or expertise.’ Barracuda’s report also states that, ‘60% of small businesses will close their doors six months after a security breach. With 43% of online attacks targeting small businesses, the cost of doing nothing can be too high.’ As such, the best offensive tactic against cyber attacks is a good defence.
When it comes to security, businesses should consider how to improve their technology, so that their systems can stand up to cyber attacks, and how to improve the education of themselves and their employees, so that users are prepared for cyber attacks.
The cyber security that businesses use should be multi-layered, so that the organisation isn’t dependent on a single form of protection. This should include a high quality anti-virus software, so that threats are identified and removed safely. Multi-factor authentication, so that anyone who attempts to gain access to your systems needs multiple separate pieces of information. Firewalls, and Intrusion Detection Software (IDS) can also be used to protect your network, and Backup & Disaster Recovery means that your data is protected if the worst happens.
To help educate your staff, we’d recommend U-Secure. This product provides cyber-security training and management by sending ten minute videos directly to your employees to teach and then test their knowledge on subjects like phishing, ransomware and social engineering. The results are then recorded for your organisation so you can identify which employees are most at risk, and who needs more help when it comes to understanding these kinds of scams. U-Secure also offers email phishing simulations with reporting, business policy centralisation, distribution and adoption management and breach monitoring.
Not sure where to start with security?
Businesses don’t need to struggle with cyber security alone. Get in touch with Transcendit for a demo of U-Secure, and have a 14 day trial to see if it works for your organisation. Transcendit can also review your network security to ensure that your business is protected against cyber attacks.
Give us a call on 0191 482 0444 to get your cyber security sorted
