Cyber security news roundup: March

Published on: 1 Apr 2021

We're rounding up some of the biggest cyber security stories of the past few weeks. In March, the government's latest annual survey shed light on the state of cyber security in the UK, there were new warnings about ransomware and one large brand was criticised for a poor response to a data breach.

2 in 5 UK firms targeted by cyber attacks in 2020

A new government report has revealed almost two in five businesses (39 per cent) and a quarter of charities (26 cer cent) have fallen victim to cyber attacks in the last 12 months.

The Department for Digital, Culture, Media and Sport's 2021 Cyber Security Breaches Survey also revealed the impact of the Covid-19 pandemic has increased the security risk for many firms, as increased home working has made it more challenging to secure digital environments.

It also found fewer companies are taking the necessary precautions. Only 83 per cent of businesses have up-to-date antivirus software - down five per cent from the previous year - while just one in three firms are using security monitoring tools to identify abnormal activity.

UK 'too complacent' on cyber security risks, NCSC chief warns

The incoming head of the National Cyber Security Centre (NCSC) has warned that many businesses remain too complacent about their exposure to cyber threats, which could be putting the UK as a whole at risk.

In a speech delivered to a virtual audience at Queen's University Belfast, NCSC chief executive Lindy Cameron said cyber security is still not being taken as seriously as it should be and is often not a part of boardrooms' thinking.

"The pace of change is no excuse - in boardrooms, digital literacy is as non-negotiable as financial or legal literacy. Our CEOs should be as close to their CISO as their finance director and general counsel," she continued.

FatFace criticised for slow data breach response

Clothing retailer FatFace is facing criticism for the way it handled a recent data breach, with security experts describing its response as too slow, too secretive and too confusing.

The firm sent emails to customers this month informing them a breach had occurred in January. However, the message urged recipients to "keep this email and the information included within it strictly private and confidential" and did not offer any details of how customers could confirm the breach or take mitigating action.

It has since emerged FatFace paid $2 million (£1.45 million) to a ransomware group to restore operations. Cyber security experts have questioned the brand's response to the incident, with Larry Parnell, director of the strategic public affairs program at George Washington University, describing it as a case study in "bungling the process".

Majority of ransomware victims fail to recover data

New research by Kaspersky has revealed how ransomware continues to be a lucrative avenue for cyber criminals, with the firm finding more than half of victims in 2020 (56 per cent) paid up in order to regain access to their data.

However, it also warned that giving in to demands is no guarantee data will be restored. Ultimately, only 29 per cent of victims were able to restore all their data, regardless of whether or not they paid. Half lost at least some files, while 32 per cent lost a significant amount, and 18 per cent lost a small number of files. Meanwhile, 13 per cent lost almost all their data.

"Handing over money doesn't guarantee the return of data, and only encourages cybercriminals to continue the practice," said Marina Titova, head of consumer product marketing at Kaspersky. "Therefore, we always recommend that those affected by ransomware do not pay as that money supports this scheme to thrive."

Manufacturers increasingly vulnerable to outages from cyber attacks

Manufacturing firms may be particularly vulnerable to cyber security incidents as they become increasingly digitised and reliant on smart technology, a new study by Trend Micro has found.

It warned that as these firms invest in smart factory improvements, this is creating gaps in awareness between IT and operational technology teams that criminals are quick to exploit.

As a result, more than three-fifths of manufacturers (61 per cent) have experienced cyber incidents, with 75 per cent of these suffering system outages as a result. More than two-fifths (43 per cent) said outages lasted more than four days.