Bridewell - Experts & Thought Leaders

Bridewell, the trusted cyber security partner for organisations operating within Critical National Infrastructure (CNI), is proud to announce that it has been awarded the prestigious ‘Thriving Together’ award at the Heathrow Business Summit. The award recognises Bridewell’s integral role in supporting Heathrow Airport’s sustainable growth and operations. Heathrow Business Summit The Heathrow Business Summit brought together strategic suppliers, senior representatives, and local SMEs to discuss how they can collectively help the airport continue to grow sustainably. The summit also highlighted the vital contributions of suppliers in promoting economic growth within Heathrow’s local community and ensuring the success of its sustainable supply chain. Thriving Together award The ‘Thriving Together’ award, presented by Helen Elsby and Isabelle Liu recognises the supplier relationship The ‘Thriving Together’ award, presented by Helen Elsby, Heathrow’s Chief Solutions Officer, and Isabelle Liu, Heathrow’s Supply Chain Manager, recognises the supplier relationship that best supports mutual growth and success. "At Heathrow, we always want to work with local SMEs as we are truly committed to supporting our local community. The ‘Thriving Together’ award is a particularly important one for me," said Helen Elsby. She adds, "It’s rare to see businesses scale in the way Bridewell has since they first joined as one of our suppliers – I hope this will help show other businesses that they too can thrive at Heathrow." Safe and secure operations Helen Elsby continues, "As Bridewell has grown over the years, they have continued to help us to thrive at Heathrow. The contributions they make to our safe and secure operations reassure me, and it was a pleasure to recognise them with this award. They truly are an integral part of the extended team here at Heathrow." Anthony Young, CEO at Bridewell, stated, "Our long-standing relationship with Heathrow has always been an important one." Cybersecurity Anthony Young adds, "As a critical part of the UK's infrastructure and a global transport hub, helping keep Heathrow running safely and securely is core to Bridewell’s purpose. Heathrow has been an important factor in Bridewell’s growth over the last six years, and our relationship with them has helped us to become a cybersecurity company across critical infrastructure." CEO's comment Anthony Young continues, "Everyone in Bridewell has a huge amount of pride for the work we have supported at Heathrow across several programmes. Being one of their suppliers truly has helped us ‘thrive together’." He concludes, "We’re grateful to have received the award and look forward to continuing our relationship with the airport."

Over three in ten US-based critical infrastructure organisations (36%) that have fallen victim to a ransomware attack have risked legal repercussions by paying a ransom. The findings are in new research by pioneering cybersecurity services firm Bridewell, surveying 519 staff responsible for cybersecurity at US critical infrastructure organisations in sectors such as civil aviation, telecommunications, energy, transport, media, financial services and water supply. Infringing UK and US laws 66% of organisations surveyed have experienced at least one ransomware attack over the previous 12 months. More than a third (38%) suffered up to five ransomware attacks, but a small percentage of organisations (32%) experienced more than a hundred attacks. 66% of organisations polled have shared at least one ransomware attack over the last 12 months In certain situations, for example, when an organisation has no ability to recover from a successful attack, there may be no choice other than to pay the ransom. However, payment can risk infringing UK and US laws that prohibit dealings with sanctioned individuals or entities. At present, prosecutions are uncommon, however, the UK and US governments have floated the idea of implementing a payment ban. Consequences of a ransomware attack The research findings expose the multiple consequences of a ransomware attack on the US critical infrastructure. Over a third of respondents, for example, cited a psychological impact on employees (36%). Downtime (43%), data loss (43%) and reputational damage (41%) are all repercussions that respondents say their organisations have suffered, along with operational disruption (40%). But, over a third of organisations (36%) are also facing increased insurance premiums, and 35% have also incurred financial losses from legal fees or fines. The average cost of a ransomware attack on US critical infrastructure organisations is now $509,942, the research reveals. Challenge of response delays Threats are on the rise through increasing professionalisation in the ransomware world Impacts are exacerbated by the length of time it takes organisations to respond to ransomware attacks, with the average now being 16 hours. Without a proactive strategy to address this significant challenge of response delays, more organisations risk paying a ransom. Over nine-in-ten (91%) US respondents in the research agree that attacks are more sophisticated, with ransomware-as-a-service (RaaS) deployed with greater knowledge and cunning. Threats are on the rise through increasing professionalisation in the ransomware world and the entry of organised crime groups from other areas of criminality. Challenges faced by critical infrastructure “If you fall victim to a ransomware attack, paying the ransom should always be your last resort. Aside from the risk that cybercriminals may not restore access upon payment, there are also potential legal consequences to consider,” said Anthony Young, CEO at Bridewell. “That being said, there are certain situations where organisations have no choice other than to pay. If the organisation has no ability to recover, then paying the ransom may represent the only viable option to resume operations other than rebuilding their systems from scratch." "However, this difficult choice is avoidable by having a security strategy to reduce the risk of threat actors gaining access and transversing through your systems without discovery and effective removal. Building a relationship with a trusted security partner who understands your environment and the complex challenges faced by critical infrastructure can help you mitigate this risk by having the right expertise, resources, and support if the worst was to happen.”

76% of the UK’s critical national infrastructure (CNI) organisations have identified the use of AI to drive cyber threats as a current security concern.  This dramatic rise in concern about how cybercriminals use AI is revealed in new research by pioneering cyber security services firm Bridewell, surveying 521 staff responsible for cyber security at UK CNI organisations in sectors such as civil aviation, telecommunications, energy, transport, media, financial services and water supply. AI-powered phishing attacks The research found that 78% of respondents are worried about AI-powered phishing attacks The research found that 78% of respondents are worried about AI-powered phishing attacks in which criminals use AI to radically improve the accuracy and wording of their email lures at scale. Criminals can also employ AI to complement basic coding skills, reducing the barrier to entry for exploits and enhancing the sophistication of their malware. These developments are why 78% of respondents also said they have fears about:   Adaptive AI cyber-attacks that constantly evolve their tactics AI-driven exploit development  Automated hacking using AI  All of the AI-driven threats listed in the research are of concern to more than 70% of respondents – including polymorphic malware which mutates with every infection. 73% said they fear this emerging threat. Current deployment of AI The research found the current deployment of AI in cyber defences is in its early stages The research also explored how CNI organisations are using AI to combat the increased use of AI by cybercriminal groups. AI-driven exploits or techniques are not yet as effective as conventional cyber tactics, and businesses are able to use AI-focused tools to protect their systems and infrastructure. With its ability to analyse large datasets rapidly, AI can be a useful tool in detecting malicious activity in a system or network, spotting anomalies and suspicious behaviour.   The research found the current deployment of AI in cyber defences is in its early stages. Fewer than three-in-ten respondents’ organisations are using AI-powered threat intelligence platforms (29%), AI-driven data-loss prevention (28%), AI-enhanced endpoint protection (27%), or AI-based phishing detection and prevention (27%). Almost all organisations (94%) are, however, using some AI tools – a trend certain to gain momentum as cyber threats escalate and become even more sophisticated. Stages of AI-driven cyber attacks “While we are at the early stages of AI-driven cyber attacks, concern among CNI organisations is not unfounded as the technology presents itself as a future threat,” said Martin Riley, Director of Managed Security Services at Bridewell. “Businesses can prepare for the impending AI arms race by incorporating the technology into their cyber defence strategies. AI can be a force for good by helping CNI organisations to enhance threat intelligence capabilities and accelerate detection and response strategies.”