The recent threat of cyber attacks across the UK has been an unfortunate reality for thousands of businesses. Recent intelligence from the National Cyber Security Centre (NCSC) reveal that ransomware attacks are occurring daily throughout the UK. This is turning cyber security’s perception from a luxury, to an absolute necessity. In this article we will be looking into a recent cyber attacks that occurred to a 158 year old British company. Understanding these threats and implementing proper security measures can mean the difference between business continuity and complete devastation. In addition, proven solutions like Cyber Essentials can help safeguard your business from cyber attacks, which we will explore further.
What is a Cyber Attack & Ransomware?
A cyber attack represents any malicious attempt to damage, disrupt, or gain unauthorized access to computer systems, networks, or digital devices. These attacks come in various forms, each designed to exploit different vulnerabilities within an organization’s digital infrastructure.
Ransomware attacks constitute one of the most destructive types of cyber threats currently plaguing British businesses. This malicious software encrypts a victim’s files and demands payment for the decryption key. Cybercriminals often target backup systems simultaneously, leaving organizations completely paralyzed until they either pay the ransom or rebuild their entire digital infrastructure from scratch.
Common Types of Cyber Attacks
- Phishing attacks trick employees into revealing sensitive information through fraudulent emails.
- Malware infections corrupt systems and steal valuable data.
- Social engineering manipulates human psychology to bypass technical security measures.
Understanding these threats can form the foundation of an effective cyber security plan. It also helps businesses recognise potential vulnerabilities before criminals exploit them.
Knights of Old: How one weak password collapsed a business
The devastating collapse of Knights of Old stands as a reminder of how a single security vulnerability can destroy decades of business and history. This 153 year old British logistics company didn’t merely suffer a data breach, it ceased to exist entirely, demonstrating the catastrophic potential of modern cyber attack methods.
In June 2023, the Russian-affiliated Akira cybercrime syndicate penetrated Knights of Old’s digital infrastructure through a simple entry point: a recycled employee password. This basic security failure provided criminals with access to critical business systems, including transportation management platforms and financial databases that formed the company’s operational backbone.
The attackers’ ransom demand approached £5 million, accompanied by a chilling ultimatum declaring the company’s infrastructure “fully or partially dead.” However, the true tragedy unfolded not in the initial breach, but in the aftermath that revealed fundamental weaknesses in backup systems and recovery protocols. Knights of Old had cyber insurance, but it only covered them up to £1 million pound. So it provided some assistance, but didn’t save the business.
Planning is vital
Recovery attempts failed due to corrupted backup systems and inadequate disaster planning. Operations ground to a halt as cash flow evaporated and regulatory obligations went unmet. Within three months, Knights of Old entered administration, resulting in over 700 job losses and leaving suppliers, customers, and investors facing significant losses.
The NCSC, who’s mission to make the UK “the safest place to live and work online,” later used this case to illustrate how seemingly minor security gaps can trigger complete business failure. The incident gained national attention through BBC’s Panorama documentary Fighting Cyber Criminals highlighting the human cost behind cyber security statistics.
How Cyber Essentials Can Help Your Business
Cyber Essentials represents the UK government’s baseline cyber security certification scheme, designed to help businesses protect themselves against common cyber attack methods. This framework establishes five fundamental security controls that address approximately 80% of basic cyber threats facing modern businesses.
The certification process involves implementing essential security measures including secure configuration, boundary firewalls, access control, malware protection, and patch management. These controls work together to create a robust defense system against both automated attacks and opportunistic cybercriminals.
Issued by our cyber security company, Cambridge IT Security, they can ensure your company is compliant with the government’s minimum security practices.
Cyber Essentials Plus
Cyber Essentials Plus is the audited version of security set out by the UK government. It includes hands-on technical verification through internal and external vulnerability scanning. Independent qualified assessors will examine your systems directly, which provides greater assurance. Additionally, it means you meet higher security standards that we find are required by many government contracts. Contact Cambridge IT Security today for more information.
FAQ: Common Cyber Security Questions
- Q: How often should passwords be changed?
- A: Modern security experts recommend focusing on password strength over frequent changes. Use unique passwords for each account and implement multi-factor authentication wherever possible.
- Q: What makes a strong password?
- A: Strong passwords contain at least 12 characters and three random words. Consider using passphrases or password managers for better security. Read the NCSC’s top tips for staying secure online.
- Q: How quickly can ransomware spread through a network?
- A: Advanced ransomware attacks can encrypt entire network systems within minutes. This speed emphasises the importance of having robust backup systems and incident response plans.
- Q: Is cyber insurance enough protection?
- A: While cyber insurance provides financial protection, prevention through proper security measures like Cyber Essentials certification remains far more cost-effective than dealing with breach aftermath.
Have questions about this article? We’re here to help! Contact us at ask@cambridgesupport.com or call us on 01223 921000.