Brian Sims
Editor
Brian Sims
Editor
ACCORDING TO the latest research conducted by Bridewell, a significant proportion (ie 57%) of organisations across central Government, civil aviation, energy, transport (rail and road combined) and finance have experienced a ransomware attack in the past 12 months, with data theft and loss among the most serious consequences.
In its study, Bridewell surveyed 521 staff responsible for cyber security at UK Critical National Infrastructure (CNI) organisations. Ransomware attacks have significant implications for critical infrastructure sectors. In the aviation space, for example, downtime from an attack could cause major disruption to flights, while in financial services any failure to act could leave organisations falling foul of strict compliance rules.
It emerges that central Government organisations have been most significantly affected by ransomware attacks over the past 12 months, with more than six-in-ten (ie 63%) of those respondents surveyed reporting an attack, closely followed by civil aviation (61%) and energy (60%).
In addition to the growing ransomware threat, phishing attacks are also widespread. On average, each of the five sectors faced 16 phishing attacks during the course of the last 12 months, with the road industry experiencing the most (reporting 21 episodes).
Delayed response
Given these significant consequences, industries are struggling to react quickly to cyber incidents and mitigate the damage they cause.
The research reveals that responses to phishing attacks can take anywhere from just over five hours, with responses in the financial services sector taking an average of 10.70 hours. Responses to ransomware can also take anywhere from six to 14 hours, the latter being the typical statistic in the energy sector.
Nation-state attacks also remain a key concern. Road organisations take an average of 19.56 hours to respond to nation-state attacks, which continue to escalate as Russian, Chinese, Iranian and North Korean-affiliated threat actors escalate their efforts. These are closely followed by the energy (18.77) and aviation (18.21) sectors.
Future-proofing CNI
In order to deal with these concerns, organisations are actively enhancing their cyber security measures. Across each of the five sectors, almost all organisations (94%) are now leveraging Artificial Intelligence (AI)-driven tools, including AI-enhanced endpoint protection, automated incident response solutions and network behaviour analysis.
On average, 52% of organisations from across the five sectors plan to increase their IT security spend in 2024 when compared to last year.
“Our research shows that ransomware, phishing and malware remain highly potent, but are only part of the wide range of threats confronting the UK’s CNI organisations,” explained Anthony Young, CEO at Bridewell.
Young continued: “Organisations must invest to fortify their defences against mutating threats. They need to be sure they’re combining innovative technology with human expertise and tested methodologies such that they can remain at the cutting-edge without compromising ‘business as usual’ in any way. Investment is vital to ensure the best possible protection for organisations rightly deemed critical to the UK’s well-being.”
*Full reports for the aviation, energy, finance, Government and transport sectors are available to view online at www.bridewell.com
