Phish and Chips

The BBC recently announced the results of a Proofpoint survey that should really alarm my IT friends in the UK. Apparently, 82% of British firms that have been victims of ransomware attacks paid the hackers to get back their data.

Study: UK firms most likely to pay ransomware hackers

The global average was 58%, making the UK the most likely country to pay cyber-criminals and so, naturally, the most likely target for hackers. Being 24% more likely to pay ransoms paints a pretty big bullseye on your nation.

It might be time to build a bigger wall

Folks in the UK are no strangers to walls. Hadrian built one right across the entire country. Castles dot the countryside as evidence of the need to protect themselves from invaders. This time it is different: if you manage IT in the UK, you’re going to require a very secure firewall to stop this invasion.

Proofpoint’s research also found that more than three-quarters of UK businesses were affected by ransomware in 2021.

Marauding Vikings or Scottish rebels are nothing compared to the legions of crypto-fuelled hackers rowing their virtual long-boats toward the shores of the UK. 

Teach a man to Phish

The most common way ransomware hackers compromised UK systems was through phishing emails. The hook in phishing is an email, usually appearing to come from your employer, that looks legitimate and asks you to provide some information for the new pension plan or something. You log in and give the hackers your credentials, which they then use to access the corporate infrastructure and screw your boss.

So why is the UK such a prime target? Maybe it’s because the UK population is more digitally literate than most. I lived in the UK for three years in the early 2010s and they were far more advanced online than the typical Canadian. More people shop online in the UK than anywhere else, and they have been for years. Mobile service is fast and cheap and everyone pays with a tap of their digital wallet.

You would think that a digitally savvy population would make your businesses less vulnerable to a credential-based phishing attack. Surely your UK employees would be wise to such amateur shenanigans?

Trust me  

It’s not a problem of technology; it’s a problem of trust. The more technically savvy a population becomes, the more they trust the technology. This means trusting the people behind that technology. We trust technology so much that we let other people create and hold our personal identity credentials and all our personal data, even though we know it could be used to exploit us and damage our employers.

Hackers target and exploit our trust in technology. Perhaps it’s time to consider a future without credentials. A future where trust is guaranteed because only you own your data, and only you control your identity.