Cyber security - take action now
19th of September 2025
Ransomware gangs target only big bucks corporations, right? Well, if you believe that then you are not only kidding yourself but may also be leaving your business dangerously exposed, writes Hartley Milner.
FROM A SINGLE horse and cart in 1865, Knights of Old grew into a thriving logistics company operating 500 trucks from its base in Kettering, a market town in the heart of England. Highly reputed for its ‘can do’ attitude, the firm faced down whatever challenges came its way.
But nothing it encountered down the decades compared to the devastating cyber attack that in 2023 was to bring about the historic company’s collapse, with the loss of 730 jobs. Hackers managed to get into Knights’ computer network by guessing an employee’s weak password. They then encrypted key data and locked all internal systems, making it impossible to access critical information for the day-to-day running of the business.
The attack was attributed to a Russian cybercrime gang known as Akira, which left a sneering ransom note, saying: “If you’re reading this it means the internal infrastructure of your company is fully or partially dead . . . Moreover, we have taken a great amount of your corporate data prior to encryption . . . Let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue.”
Businesses compromised
The hackers demanded £5 million (€5.77 million) to not publish the stolen corporate and customer data on the web. Knights of Old’s parent company, KNP Logistics, said it could not find that kind of money. Efforts were made to run operations manually, but the damage to critical data and back-up systems made it impossible to meet financial reporting deadlines set by lenders and delivery obligations to customers. Three months later, KNP went into administration.
“We felt we were in a very good place in terms of our security, our protocols and the measures we’d gone to in order to protect the business,” said former Knights director Paul Abbot. “But whatever you think you’ve done, get it checked by experts. People don’t think it’s going to happen to them, but there are hundreds of businesses out there being compromised. The issue is not just cost, it’s the reputational damage as well.”
Ransomware attacks have risen by more than 70 per cent in the UK in recent years, making it the world’s second most targeted country after the United States. Figures from the British government also show that in the past 12 months alone just over 43 per cent of businesses reported cyber security breaches or attacks (612,000 in total).
Among them were retail giants M&S, the Co-op and Harrods, which were forced to halt online activities for several weeks while they dealt with the fallout. M&S estimated the disruption would cost it £300 million (€345 million) in lost profits. Of the three retailers, only the Co-op categorically stated that it had not submitted to a ransom demand.
And the majority of businesses do pay up, it seems. Cyber security firm Sophos found that 54 per cent of UK ransomware victims paid to retrieve their data during the past 12 months. Typically, each handed over 103 per cent of the original demand, way higher than the global average of 85 per cent.
Payments discouraged
The payment of ransoms is discouraged by the National Cyber Security Centre (NCSC) and its law enforcement partners, who stress:
• There is no guarantee you will get access to your data or computer,
• your computer will still be infected,
• you will be paying criminal groups,
• you are more likely to be targeted in the future.
To reduce the fallout from attacks, businesses are urged to make regular offline backups of important files and data ... especially SMEs which are increasingly falling prey to the hacker’s dark arts.
In fact, data thefts from SMEs more than doubled in the UK over the past year, according to the government’s Cyber Security Breaches Survey 2025. Just over 42 per cent of small businesses and 67 per cent of medium-size companies reported having been targeted by a cyber attack or other security breach during the period.
Cyber breaches can be costly in terms of time and disruption, aside from any ransom payment made. Micro and small companies, for example, pay out on average £7,960 (€9,161) to have their damaged IT systems restored or rebuilt following an incursion. That figure rises to £12,560 (€14,456) for medium-size businesses. Overall, the cost of breaches to SMEs amounts to around £3.4 billion (€3.9 billion) every year.
Unsurprisingly perhaps, artificial intelligence (AI) was the number one issue for SME owners, with 63 per cent saying they were “concerned” about the meteoric rise and increasing sophistication of the technology. The majority of survey respondents (86 per cent) also reported their company had experienced AI-related security incidents during the past 12 months. But only 45 per cent were confident their business was equipped to carry out comprehensive AI security assessments.
“AI lowers the barrier for novice cyber criminals, hackers-for-hire and hacktivists to carry out effective access and information gathering operations,” the National Cyber Security Centre reported earlier this year. “This introduces a new level of cyber threat, particularly for smaller businesses that may not have the software to mitigate against attacks of this sophistication.”
The next biggest cyber security concern for SME leaders focused on remote or hybrid working. While employees welcome having more flexibility in their daily lives, out-of-office working throws up critical data security issues. Yet, 69 per cent of SMEs admitted to not having a bespoke cyber security policy in place for their remote workers.
Asked what security measures they do have in place, 52 per cent of employers said they use virtual private networks (VPNs), which allow organisations to provide secure connectivity between devices in physically separate locations. Others (48 per cent) said they train staff on secure remote working, and 46 per cent reported they had implemented remote access policies and controls.
Take simple steps
But despite cybercrime being at an all-time high, the survey found that significant numbers of SMEs had no effective barriers against unauthorised network access. This may be because employers are unsure how to keep their businesses safe … or are simply in denial about the extent of their vulnerability to attack, the study concludes.
Now the UK’s independent regulator for data protection is calling on SMEs to “take simple steps” to boost their cyber security and protect the personal information they hold. The Information Commissioner’s Office (ICO) said it had received reports of more than 3,000 cyber breaches in 2023, with most coming from the finance, retail and education sectors. In one example, malware was installed on a retailer’s payment terminals, allowing a hacker to harvest customers’ card details as they made a transaction. On another occasion, a simple phishing email compromised the personal information of more than 100,000 construction workers.
ICO uses case studies to promote its Learning from the mistakes of others report, which offers practical advice to help organisations understand common security failures and take simple steps to improve their cyber defences, with the aim of “preventing future data breaches before they happen”.
“People need to feel confident that organisations are doing as much as they possibly can to keep their personal information secure,” said ICO deputy commissioner Stephen Bonner. “While cyber attacks are growing more sophisticated, we find that many organisations are not responding accordingly and are still neglecting the very foundations of cyber security. As the data protection regulator, we want to support and empower organisations to get this right.
Essential controls
“While there is no single solution to prevent cyber attacks, there is absolutely no excuse for not having the foundational controls in place. These are essential to protect people’s personal information, and we will take action, including fines, against organisations that are still not taking simple steps to secure their systems. If you do experience a cyber attack, we always encourage transparency as your mistakes could help another organisation to avoid a similar breach.”
A study by British Telecom (BT) reveals that 39 per cent of SMEs – two million businesses – provide no cyber security training for their teams. In response, the comms giant is offering dedicated awareness training to help businesses understand the practical steps they can take to protect themselves.
The training also covers next-generation threats arising from AI and quantum computing. Plus it highlights criminal activity such as account takeovers – where stolen customer credentials are used to breach systems – and QR code scams (‘quishing’ attacks), which have surged by 1,400 per cent in the UK over the past five years.
“For SMEs, a cyber attack isn’t just an inconvenience, it poses an existential threat,” said Tris Morgan, BT managing director for security. “Effective cyber security doesn’t require corporate grade resources. With the right training, basic security measures and better awareness, SMEs can dramatically reduce their risk profile.
“The key is recognising that in today’s digital landscape cyber security is not a luxury but a foundation that enables companies to face forwards confidently, rather than forever looking over their shoulder.”