The British Council, the non-departmental public body tasked with connecting people through culture, education and the English language, has admitted to falling victim to two successful ransomware attacks over the past five years, according to official data.
The ransomware attacks, which saw the organisation’s security systems successfully breached led to a total of 12 days of downtime – meaning its systems were offline or unusable. The first incident caused five days of downtime in the first attack and seven days in the second attack. No ransom was paid in either incident.
In addition, there were a further six unsuccessful ransomware attacks on The British Council during the 5-year period in which ransomware was detected and blocked or where malware was not deployed on the endpoint.
The information was obtained by the Parliament Street think tank, using Freedom of Information (FOI) legislation as part of a wide-ranging study into the threats posed by ransomware to public sector organisations and government departments.
The revelations come as the UK government announced its new UK Cyber Strategy which is seeking to strengthen the country’s cyber ecosystem and build a resilient and prosperous digital infrastructure to help combat ransomware attacks. Through this strategy, the government have committed to spend £22bn on research and development with technology being given a central role in national security.
Security specialist Edward Blake, Area Vice President EMEA for Absolute Software commented: “Every organisation is vulnerable to ransomware attacks. A large portion of time and resources are spent trying to prevent them, but it is a matter of when they happen, not if they happen, and it is on organisations and businesses to put in place effective cyber security measures to deal with ransomware attacks when, not if, they occur. “Zero Trust protocols are one of the most effective methods to preventing bad actors, which may already have access to a system, from infecting other aspects of the network, or moving laterally through a system to seize even more data. What’s more, maintaining a healthy network through effective cyber security measures is paramount to protecting organisations against cyber criminals – self-healing capabilities are the perfect solution to ensuring that applications remain healthy without compromising on performance or productivity.”