UK issues safeguards against supply chain ransomware attacks
Image by arda_savasciogullari / copyright Shutterstock
UK businesses will be better protected from ransomware threats under new global guidance launched by the UK government and international partners.
The new guidance helps organisations spot weaknesses in their supply chain before criminals do – setting out clear practical steps to check the security of key suppliers and safeguard against vulnerabilities.
Developed by the UK and Singapore at a global summit of the Counter Ransomware Initiative (CRI), it is designed to make businesses more resilient and prevent hackers from exploiting the links that connect suppliers and customers.
Sixty-seven members of the CRI have endorsed the guidance, demonstrating its international significance.
Ransomware is software used maliciously by cyber criminals to access vital computer systems. Systems and data can be encrypted, or data stolen, until a ransom is paid.
Recent high-profile attacks on global organisations have brought vital supply chains to a halt for months and have shown that hackers are increasingly targeting supply chains to cause maximum disruption.
In June 2024, a cyber criminal group executed a ransomware attack on Synnovis, a pathology supplier to several major NHS trusts in the UK, leading to thousands of appointments and surgeries impacted in the first month after the incident.
The new guidance comes after the government called on UK businesses to step up cybersecurity amid a rise in major attacks. New data from the National Cyber Security Centre (NCSC)’s annual review revealed a record 204 nationally significant cyber incidents were handled last year.
Security Minister Dan Jarvis said: "Ransomware and cyber-attacks pose an immediate and urgent threat to our nation’s security and economy.
"We are taking decisive action to counter this threat but global coordination is essential.
"Cybersecurity must be a top priority for all businesses. It’s vital that the counter ransomware guidance is followed and strong measures are taken to defend against these destructive attacks."
Co-op CEO Shirine Khoury-Haq said: "As the victim of a sophisticated cyber-attack, we know first-hand the damage and disruption they cause to businesses and communities and we welcome the government’s focus on cybercrime.
"Meticulously planning, investing in the right tools and running countless exercises are vital but even so, nothing truly prepares you for the moment a real cyber event unfolds. The intensity, urgency and unpredictability of a live attack is unlike anything you can rehearse.
"What matters most is learning, building resilience and supporting each other to prevent future harm. This is a positive step in the right direction for building a safer digital future."
Jonathon Ellison, Director for National Resilience, National Cyber Security Centre (NCSC), said: "A ransomware attack on one organisation can severely disrupt entire supply chains, affecting businesses and services across the UK and beyond.
"We know that many of these incidents are preventable by implementing basic cybersecurity measures, such as the UK’s Cyber Essentials certification.
"We strongly urge organisations to follow the NCSC’s supply chain security guidance to help protect themselves, their partners and the UK’s national cyber resilience."
Cyber-attacks on global businesses can heavily affect the UK economy, as they can disrupt goods reaching the country and stunt exports. This can cost UK businesses millions, which is why the government is stepping up its international efforts and encouraging a united front.
As part of this global effort, the UK is also expected to sign the UN Convention against Cybercrime this weekend in Vietnam.
This new convention will align the criminalising of several cyber-enabled offences globally including child sexual exploitation, fraud and, for the first time at an international level, the non-consensual sharing of intimate images.
All nations will also be encouraged to strengthen their ability to deal with cybercrime threats, including ransomware attacks.
It will also help strengthen international law enforcement cooperation as more countries will be added to the 24/7 network – which guarantees a constant point of contact in every state, to assist on cross-border cyber criminal investigations.
This comes alongside tough new proposals to crack down on ransomware attacks set out by the government earlier this year.
Under the new plans, public sector bodies, including the NHS, local councils and schools and operators of critical national infrastructure, would be banned from paying ransom demands to criminals. This will undercut the business model that fuels cyber criminals’ activities and will make the vital services the public rely on a less attractive target for ransomware groups.
These measures lead the way in tackling ransomware and are designed to strike against cyber criminals’ business model, bolstering our national security and protecting key services and businesses from disruption.
Jaguar Land Rover gets Government support
The UK Government has instructed UK Export Finance (UKEF) to back Jaguar Land Rover with a guarantee for a commercial loan to help manage the impact of a recent cyber-attack, although it fell outside of UKEF’s customary risk parameters.
