Ransomware is the hot topic at the moment, and it’s no surprise. The high-profile hits on M&S, Co-op, Harrods, HSBC, Adidas, and Dior; well, we can see this isn’t a wave of attacks. This is a rising tide of attacks showing no signs of slowing down. 

Did you know that not all ransomware involves technology? It involves deception and blagging. Blagging is how the criminals got access to M&S and launched the cyber-attack that resulted in £300 million in lost profits. The domino effect of this cyber attack on suppliers and smaller businesses was equally tragic. It resulted in smaller businesses losing thousands of pounds.   

Suzanne Grimmer, Senior Manager at the NCA, shared how ransomware incidents have become more regular:

Here at CYFOR Secure, our internal threat intelligence has noted ransomware groups like Akira and Fog are especially ramping up their attacks. Akira recently attacked KNP, a 158-year-old company, compromising everything to such an extent that the incident response had no recourse. It was pay the ransom or go under. The company has since gone bust.

To compound this, we’re also seeing an increase in opportunistic attacks from groups such as RansomHub, whose commission-based affiliate model often attracts less experienced and more dangerous cyber criminals.    

The pace and adaptability of these groups make one thing clear: a proactive, layered cyber security strategy is essential. Proactive means you know all the potential ways your network could be infiltrated, and you are constantly ‘proactively’ securing those weak spots.   

As Richard Horne, the CEO of the National Cyber Security Centre, stated, organisations need to “think about cyber security in all the decisions they make”. 

What Recent UK Attacks Are Telling Us 

One common misconception is the ‘we’re small fry’ idea, where companies and individuals think they’re not big enough to be a target. Being a large company or a small company makes no difference to a cyber criminal. Jamie MacCall of the Royal Institute explains that ransomware criminals work in the same way as a gang of criminals going down the street: 

That’s why the National Cyber Security Centre, the National Cyber Agency and our team at CYFOR Secure are reinforcing cyber resiliency. Smaller businesses are prime targets due to their smaller nature and lack of security. Even if the company can’t pay, the data collected by the criminals during the attack is a profit in itself, compared to the cheap ransomware software they purchased on the dark web to enable the attack.   

But how do businesses secure their systems beyond setting up passwords, multi-factor authentication, and administrator controls?  

Businesses secure their systems by investing in audits and vulnerability assessments that test their systems for weaknesses. Managed Cyber Security Solution services that detect threats in real time and mitigate them before anything happens. The realisation you’ve been the victim of a ransom attack can sometimes dawn on people slowly, as it did with KNP. At KNP, the initial red flag was that employees couldn’t access some of their systems, something we have all struggled with at one point or another. With a Managed Cyber Security service, any infiltration of the network would be immediately contained and addressed, thereby protecting the entire network.   

Cyber Security: From Cost Centre to Growth Driver 

Investing in proactive measures may sound expensive, but businesses increasingly view digital resilience as a growth enabler.   

According to recent data from ESET and City AM, over half of UK companies (53%) reported a direct increase in revenue thanks to cyber investment, often due to improved customer confidence, operational efficiency, and the ability to pursue new markets. Encouragingly, 77% of businesses plan to increase their cyber security budgets in the coming year, recognising it as a necessary investment. 

Further, only 12% of companies fully outsource their cyber operations, despite the growing complexity and risk exposure. For many smaller businesses, in-house capabilities are not enough to keep up. 

Outsourcing your operations is the next best step after hiring a CISO and implementing a new cyber security strategy for your company, offering a more cost-effective alternative. Companies could instead implement a vCISO service, which acts as a CISO. This service outlines a cyber strategy to move forward, providing tailored and recommended resilience strategies. 

For the best options to suit your company, speak to one of our experts. They will be able to recommend a strategy that works for your company’s size and infrastructure. The more secure you are, the more enabled you are to grow your business.  

How CYFOR Secure Helps 

A little bit about us: here at CYFOR Secure, we work closely with businesses, insurers, and legal firms to provide both proactive and reactive cyber solutions. From immediate incident response to long-term risk mitigation, our approach is tailored, transparent, and built around your real-world operational needs. 

If you have been attacked, our team are in the best position to help mitigate that attack, with our Incident Response and Ransomware Negotiation services.  We collaborate with insurers to strengthen cyber underwriting and claims response, assisting policyholders in minimising risk and recovering. 

👉 Learn more about our Proactive Cyber Security services and Reactive services.