Most organisations only become familiar with the chaos of a cyberattack when they’re in the thick of it, experiencing the fallout first-hand. However, Netflix’s recent series, Zero Day, which is set following a widespread cyber incident, has brought the realities of a catastrophic cyberattack into the living rooms of millions.
While Zero Day follows a set of fictional events — a massive cyberattack taking out critical national infrastructure (CNI) and multiple services across many operating systems — it offers a glimpse into the potential devastation these incidents can and do cause. But if you’re helping to run a business today, it can be difficult to know where to start to protect yourself against the kind of disastrous scenario the TV show depicts. Luckily, there are several things any business can do to be better prepared. This is especially important in the current threat landscape, where your organisation must treat a cyberattack as a matter of when, not if.
Ransomware’s growing threat
Cybercriminals can operate alone, or in organised ‘gangs’, and have many different motivations. Most frequently, they are in it for financial gain, but some state-sponsored groups can act for political motives.
Of all cybercriminal groups, ransomware gangs pose one of the most significant threats to organisations. The UK’s National Cyber Security Centre has labelled ransomware as “the most acute cyber threat facing UK organisations and businesses” and Akamai research previously showed that the number of ransomware victims sharply rose by 143% between 2022 and 2023. Without taking appropriate steps to prepare, prevent, detect, remediate and recover from a ransomware attack, organisations risk losing everything in an attack. It’s no surprise that at the start of this year, the UK government shared details on the steps it plans to take to reduce the threat that ransomware gangs present.
Drying up income sources by prohibiting payments from CNI and public sector organisations to ransomware gangs is an important step in the right direction. But organisations, both public and private, can’t ignore the immediate impact that such a ban could have.
A public or CNI organisation is likely to be subjected to a damaging ransomware incident to test the resolve of the new ban on payments. As criminal groups concentrate their resources on the biggest potential payouts, ransomware gangs will likely shift their attention to private sector targets where bans on ransoms have not been imposed. In this environment of heightened risk, organisations must be prepared for the worst case, a successful breach scenario.
All organisations must therefore identify and protect their operationally critical data. To do so, they must conduct a thorough audit to locate and classify data based on its impact on business operations. Any data whose loss would render the organisation redundant must be safeguarded by taking regular offline backups.
Moreover, security teams should conduct regular penetration tests to check for new vulnerabilities. By testing all possible entry points before hackers have the chance to, organisations can make it significantly more difficult for ransomware to infiltrate their systems. Taking the necessary precautions to keep bad actors out and preparing your response for when the hackers get in is essential. This will mitigate reputational damage and ensure that even in a nightmare scenario, leaders are not forced to shut up shop and throw away the keys.
Why we need to ditch blame culture
All too often, as cyber incidents unfold, the blame game ensues. One important culture shift that should be implemented industry-wide in 2025 is a wholesale move away from finger-pointing. In this area, the cybersecurity industry can learn from the airline industry. For airline operators, the single most important metric is safety. That’s why they implement a ‘just culture’ and ensure that every employee can report concerns without fear of being blamed for making honest mistakes. It prevents the same mistake or exploit from being abused time and time again.
In the past, we’ve seen organisations suppressing details of a breach in an attempt to save face – but this only plays into the cybercriminal’s hands. One of the best weapons that can be used against cybercriminals is knowledge sharing and understanding ‘how’ the attack happened rather than agonising over ‘why’. Fortunately, with new regulations coming into force – both NIS2 and DORA – organisations are now required to report incidents within 24 hours of detection.
Adopt an assume breach mentality – today
You should assume that in 2025, your business will suffer a cyber breach. With sophisticated cybercriminals, aided by AI tools, cruising past traditional defences, organisations must press reset on their breach mindset.
Businesses cannot afford to think only about keeping cybercriminals out. They must think more pessimistically and prepare their response for when they’re subjected to an attack and hackers gain access. This means driving investment into threat detection, response plans, and zero-trust architectures and segmentation to limit how bad actors can roam within your network.
Fortunate businesses may have only experienced the stress, damage, and chaos of a cyberattack through their TV screens, but this luxury isn’t extended to all, and it won’t last. Sooner or later, every organisation will find itself in the crosshairs of a cyberattack.
Prevention remains essential and categorically cannot be overlooked. Robust defences are critical, but they are not always enough to deter sophisticated attackers who may find ways to bypass them. By assuming a breach will occur, organisations can better balance their resources towards mitigation and resilience.
Zero Trust architecture is a cybersecurity model based on the principle of ‘never trust, always verify’. It eliminates the concept of a trusted internal network and instead treats every user, device, and application as potentially hostile until proven otherwise. When implemented alongside a detailed response plan, it allows organisations to efficiently quarantine threats, investigate attack vectors, and prevent further damage. Adopting this approach will not only limit the impact of successful breaches but also contribute to building an environment centred on calm and control.
Boosting preparedness helps businesses strengthen their ability to mitigate the impact of cyberattacks, ensuring they can effectively repel threats and manage breaches when they occur. Using Netflix’s Zero Day as a wake-up call, organisations can refine their cyber defences and enhance their response strategies to stay ahead in an increasingly complex threat landscape.