A ransomware gang recently hit KNP, a logistics firm with a 158-year legacy. This truly frightening attack resulted in not just the loss of those 700 jobs, but from that fact we can start to see the growing threat of cybercrime. The hackers gained access to KNP’s systems through a single weak password, leading to the company’s devastating collapse and raising alarms among cybersecurity experts.
Richard Horne, CEO of the National Cyber Security Centre (NCSC), emphasized the urgency for companies to enhance their cybersecurity measures. He concluded that organizations need to start factoring cyber-security into every level of decision making. Horne underscored the pressing need for companies to make real commitments. They can no longer afford to not be the first line of defense for their systems and their businesses in an ever more perilous cyber world.
The attack on KNP, which was operating 500 lorries under the brand name Knights of Old in 2023, serves as a stark reminder of the vulnerabilities that many businesses face. The NCSC states that it responds to every committed cyberattack every single day, which showcases the rapid increase in crime. Horne noted, “We’ve seen a wave of criminal cyber-attacks over the last few years,” indicating a troubling trend that demands immediate attention.
Paul Babbage, the Director General of Threats at the National Crime Agency (NCA), echoes Horne. In fact, he’s adamantly opposed to victims paying ransoms, arguing that paying ransoms keeps the criminals in business. “Each victim should have their own right to choose,” Babbage added. At the same time, paying ransoms only encourages this crime.
Recent data reveals that approximately one-third of affected companies choose to pay ransoms rather than report the incidents to authorities. This trend not only increasingly hampers law enforcement’s ability to effectively fight cybercrime but ultimately encourages criminals. Cyber-specialist Paul Cashmore pointed to the point that ransom demands in the UK average £4 million. Few companies are willing to cough up that much money but too frequently believe they have no choice.
The National Audit Office has recently described the threat to the UK as severe and fast-moving. Butterfield’s critics are no less alarmed at the reality. Just last year, UK businesses were counting an average of 19,000 ransomware attacks. As government and private expert Suzanne Grimmer from the NCA pointed out, hacking incidents have almost doubled, now accounting for around 35-40 hacks per week. She cautioned, “At this rate, it will be the UK’s worst year on record for ransomware attacks.” Of course she is worried about the expected uptick in such threats.
James Babbage recognized ransomware as the biggest cyber-crime threat organizations are facing today. He pointed out a concerning trend: a younger generation of hackers is emerging, many of whom are entering cybercrime through avenues such as gaming. “They’re recognising that their sort of skills can be used to con help desks and the like into getting them access into companies,” he explained.
The facts behind KNP’s failure forebode a bleak future for companies struggling with the cybersecurity burden. Even with raising awareness and resources, too many nonprofits still low-ball their risk. The NCSC’s daily experience of waking up to new major attacks—as recently documented by the NCSC—demonstrates how widespread these threats now are.
Richard Horne made the important observation that the challenge comes from multiple attackers. Third-party bad actors take advantage of the cracks in the security infrastructure. “Part of the problem is there’s a lot of attackers,” he said, emphasizing the need for comprehensive strategies that bolster defenses across various sectors.
As firms step into this new reality, Horne emphasizes they need to make cyber-security part of their fundamental business. Companies should be considering cyber-security in every decision they make,” he pressed, calling for an industry shift towards more preventive action instead of waiting to mitigate damage after a successful attack.