Home / Cybersecurity / Held to ransom

Held to ransom

To take action against ransomware attacks, organisations must embrace a layered cybersecurity approach – which includes a combination of IT and business processes, employee awareness and software, explains Usman Choudhary, Chief Product Officer of VIPRE

Earlier this year, VIPRE released its latest whitepaper, How to Stem the Flow of Ransomware highlighting that by investing in a multi-faceted cybersecurity strategy, businesses can strengthen their protection against ransomware attacks – recently declared the most significant cyber threat facing the United Kingdom.

Ransomware is not an unfamiliar concept. However, the magnitude of attacks has advanced through increased frequency and sophistication, targeting businesses of all sizes and industries. Recent research has spotlighted cybercriminals’ tendencies to exploit the introduction of hybrid working to launch attacks on remote workers, with the Information Commissioner’s Office (ICO) revealing an increase in ransomware attacks – rising by 66 per cent between 2020 to 2021.


The first line of defence in safeguarding organisations from cyber-attacks falls upon the human workforce. As the end-users, it is their responsibility to make the final call on whether to download an external file or send sensitive information. Nevertheless, it is unavoidable for humans to make mistakes. Common internal errors include emailing the incorrect person, downloading malicious attachments or clicking on phishing links – making up 95 per cent of data breaches. Such mistakes can cause severe repercussions for businesses of all sizes; such as financial damage through both ransom demands and business disruption, in addition to damaging a company’s reputation and provoking a loss of productivity.

According to research by IBM, ransom demands can reach up to £31 million on average. And, unfortunately, paying ransom to a cybercriminal doesn’t guarantee the return or unencryption of data, with stolen data continuing to remain at risk of being leaked. Therefore, providing the workforce with the required knowledge and support against ransomware attacks is fundamental to avoiding them altogether.

Prioritising education surrounding ransomware attacks is crucial for minimising human risk. As part of this, all workplaces should offer consistent security awareness training – as opposed to an annual ‘tick box’ exercise. Regular security awareness training will strengthen a user’s understanding of potential cyber threats, and more importantly, help to prepare them to prevent these attacks. A business’s first line of defence must be secure, or else it creates vulnerabilities for attacks to take place. In turn, empowering users with confidence and self-trust is of extreme importance within a business’s overall cybersecurity strategy to achieve maximum prevention.


Undeniably, email remains an indispensable tool for both the internal and external exchange of information, with 333.2 billion emails estimated to be sent and received every day within the UK. However, according to VIPRE’s whitepaper: “Email is the most commonly exploited threat vector by cybercriminals who use it to spread malware, including ransomware”. Consequently, it is becoming increasingly vital for businesses to strengthen their email security, particularly with confidential, valuable and potentially sensitive information being shared across the internet.

There is a range of technological solutions available to strengthen email security, with tools such as ‘sandboxing’ blocking malware before it can enter a network – in turn, giving the user and organisation continued control of the email and network access points, while preventing suspicious emails and/or links from entering a user’s inbox.

Furthermore, security email tools that prompt the user to double-check an email before sending it are valuable to avoid any costly mistakes from occurring. The user can be alerted with questions such as: ‘Are your recipients the right people to share this information with?’ or ‘Have you attached the correct document?’ Thus, users are reminded to make sensible decisions through the support of this technology, while continuing to notify them about any possible data leakages or threats in advance.


Damage limitation and containment are crucial from the start of any cyber-attack, placing significance for businesses to have a recovery plan in place. Implementing a contingency plan will benefit not only the business, but its stakeholders and similar organisations, both short-term and long-term. While minimising disruption and ensuring the business can get back up and running, it also allows the organisation to continue to learn from potential errors.

Once a threat has passed, a retrospective audit of what happened should be conducted. This data can then be shared across businesses in an attempt to develop a faultless security approach, and reduce the possibility of future recurrences. Prevention is better than cure. However, in the event of an attack, having a dependable ransomware response plan prepared is key for business continuity and to minimise any detrimental consequences that could arise from data loss, for both customers and stakeholders.


Combining email protection, regular security awareness and a recovery plan to create a multi-faceted approach is fundamental in transforming and strengthening security measures. For maximum protection, it is best that these security strategies work alongside one another – rather than separately, to provide businesses with 360-degree protection against the modern threat landscape. This means that businesses and their users will be given the confidence and reassurance they need, closing the door on any potential gaps for attackers to take advantage.

About Sarah OBeirne

Leave a Reply

Your email address will not be published. Required fields are marked *