Companies facing threat of “triple extortion” from cyber criminals

It’s the corporate world’s dirty secret. As ransomware attacks boom, most UK businesses are not suitably protected from cyber threats, are lacking effective crisis plans and the majority end up paying ransoms, making them targets for repeated attacks. This is the secret panic gripping corporate Britain, Management Today discovered in its new investigation.

As the pace of digital transformation continues to accelerate, organisations are becoming more exposed to the dangers of cyber hacks. Last year in the UK, attacks jumped by 112% on the previous year, according to the Global Cyberattack Trends report by SonicWall. Collectively, UK businesses are paying out tens of millions of pounds in ransom payments.

But “cyber shame” leads most businesses to keep quiet on attacks or ransoms, and hide the payments on their balance sheets under headings like “professional services”.

In particular, businesses are worried about the threat of “triple extortion” from cyber criminals, who are becoming increasingly professional, adopting operating models that mirror those of tech companies. “Ransomware as a service” allows architects of a hack to outsource different parts of an attack to specialist groups, making the attack more dangerous.

The triple threat works as follows: first, a company loses its data. Second, this data could be sold on via the dark web and used against it – particularly if it’s sensitive information and it could be subject to enforcement action for data breaches by the authorities. Finally, the attackers could launch denial of service attacks.

Read MT's The Big Hack series, to find out more about how these attacks happen, our exclusive interview with a senior leader who had to steer his company through a serious attack and critical steps on how to prevent becoming a target.