Ransomware has been added to the Oxford English Dictionary
The word ransomware has entered the Oxford English Dictionary for the first time, officially making it part of the British lexicon. The OED may not be a final authority, but it is an important cultural barometer, and the move is testament to the way ransomware has forced itself on the public consciousness over the last year. No longer the jargon of information security professionals, ransomware has officially hit the mainstream.

The rise of ransomware 

It's easy to understand why the term has finally made the cut. After all, we have seen a spate of high-profile ransomware attacks make global headlines over the last year. WannaCry hit more than a third of NHS trusts amongst its global victims; NotPetya disrupted several multinationals and governments as well as the British advertising group WPP. The better question might be: why did ransomware not make it into the dictionary before?

Ransomware has been a growing trend in recent years. We've seen a shift away from attacks which simply copy data, towards those that deliberately change data or hold it to ransom. The rise in ransomware variants, ransomware-as-a-service, and cryptocurrencies has drawn more and more criminals to this type of attack, in the hope of getting rich quick. When the cheapest working crypto-ransomware variant builders are offered at as little as US$10 (£7), it's easy to see how ransomware has overtaken banking Trojans as one of the most common malware types delivered via phishing techniques.

The threat to business

For businesses, this poses a very real threat. Accenture research has found the cost of cyber-crime in the UK has risen by more than 19 percent over the last year to reach £6.4 million. Meanwhile, government figures suggest that just under half of UK businesses were affected by a cyber-attack in 2016, and that ransomware was one of the most common types of breach, affecting one in five (17 percent) cases. 

Ransomware is already a costly business for companies, but it will become worse when the EU's General Data Protection Regulation comes into effect in May. Threat actors could extort companies using leaked information, rather than dumping the leaked data publicly. Smart contracts tied to cryptocurrency blockchains could assure the breached organisation that the stolen data will be permanently deleted once payment is received. Organisations may therefore be motivated to pay extortion demands that are less costly than GDPR regulatory fines of up to four percent of turnover or €20 million (whichever is more).

Preventative measures

As the move by the OED clearly shows, awareness of ransomware and other cyber-threats is on the rise. But awareness alone is not enough. It is imperative that organisations put robust procedures in place to protect their data and fulfil their responsibility to customers and staff. This includes investing in solutions like stronger spam filters, cloud-based e-mail analytics, virus scanners and firewalls.

However, companies also need to invest in education and training for their own staff. Ultimately, an organisation's security is only as strong as its weakest link, which in many cases could be its own workforce. Employees must have the tools they need to recognise threats, including ransomware, through prevention training and awareness programmes. 

Accenture research has found that over half of UK workers (55 percent) cannot recall ever receiving training on cyber-threats from their employer, leaving many unsure how to prevent, identify or respond to an attack. Yet seventy percent of those who had received training said it improved their ability to recognise and respond to cyber-threats, and one in four (23 percent) thought training was the most effective protection against phishing and malware.

Looking to the future

The destructiveness of increasing ransomware attacks; the aggressive use of information operations by nation-states; growth in the numbers and diversity of cyber-threat actors; and greater availability of exploits, tools, encryption, and anonymous payment systems will pave the way for more cyber-security challenges in the coming year. Organisations will have to meet these with strong defence strategies. The addition of ransomware to the OED is important because it shows rising awareness of the issues from business and individuals alike. But awareness must now be matched by action to stem the tide.

Contributed by Rick Hemsley, managing director, Accenture Security 

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.