S-RM - Experts & Thought Leaders

Latest S-RM news & announcements

Akira ransomware exploits SonicWall SSL VPNs globally

Global cyber risk consultancy S-RM has reported a sharp increase in ransomware incidents exploiting SonicWall firewall devices with SSL VPN enabled. The activity, tied to the Akira ransomware strain, is impacting organisations worldwide and has knock-on effects for everyday users.

The warning comes amid heightened national debate around the UK Government’s Online Safety Act and the security implications of VPN usage. S-RM says the latest attacks are a timely reminder that while VPNs can be essential security tools, poorly configured or incompletely patched VPN infrastructure can be a gateway for cybercriminals.

S-RM’s investigation

Key points from S-RM’s investigation include:

- The Akira ransomware group is exploiting incomplete remediation of the earlier software vulnerabilities to gain initial access, even on devices that have been patched
- Post-compromise tactics include privilege escalation on SQL servers, creation of local accounts, network reconnaissance, data exfiltration, and ransomware deployment
- Files encrypted by Akira carry the extensions ‘.arika’ or ‘.akira’

Enterprise infrastructure breaches

Ted Cowell, Head of Cyber Security UK at S-RM, comments: “These cases show that patching alone is not a silver bullet. If you don’t reset credentials, enforce MFA across the board, and actively hunt for suspicious activity, you could already be compromised.”

“While the attacks are aimed at enterprise infrastructure, the fallout doesn’t stop there. Breaches can cause service outages, lock people out of online banking, delay healthcare appointments, or disrupt remote work. The message is simple: whether you’re a business or an individual, VPN security matters – and the Online Safety Act debate should remind us that how we configure and maintain these tools is just as important as whether we use them.”

S-RM urges all organisations using SonicWall SSL VPNs to:

- Update firmware to the latest version
- Reset all user and service account passwords
- Enforce MFA for all accounts
- Remove unused accounts
- Conduct immediate threat hunting for signs of compromise

S-RM joins Distology to boost cyber incident response

Global cyber security and corporate intelligence consultancy S-RM has announced a new channel distribution partnership with cyber security solutions provider and distributor, Distology. Distology represents best-in-class cyber security vendors and supports an extensive network of resellers across the EMEA region. This partnership will enable Distology’s network to access S-RM’s global, award-winning, cyber incident response services.

Incident response team

S-RM has the largest dedicated incident response team in the UK, responding to over 500 incidents a year. They have a unique set of in-house capabilities that enable them to manage an incident end to end, which includes a dedicated restoration team to support the recovery of complex networks, and full threat actor negotiation support.

The UK team is supported by full-service incident response teams in the US, Netherlands, and Singapore, enabling a ‘follow the sun’ model – and 24-hour support – for incident response. A dedicated incident response team can be assembled in as little as six minutes.

Cyber protection

S-RM’s brand is widely respected within the insurance sector, and the firm is an approved panel vendor with most UK insurance companies. This means that partners can distribute their services with confidence, without caveats, and knowing that they can sit alongside existing cyber insurance.

S-RM's capabilities align with Distology’s, providing quality solutions to protect organisations from cyber threats. Both firms place client service at the heart of their offering and have built up trusted relationships with key partners.

Incident response and cyber consultancy services

David Whiteley, Head of Channel Sales at S-RM, said, "I'm excited to launch our partnership with Distology, one of the pioneering names in cyber security distribution."

"This collaboration marks an important step for us as we work together to expand the reach of our award-winning incident response and cyber consultancy services into partners in the UK and Europe."

Brand presence

“Over the past decade, I've watched Distology build an impressive brand presence. Their innovative thinking and attention to detail mirrors what we’ve built at S-RM. This partnership showcases the hard work and shared vision both companies have invested to bring something special to the market."

“Distology’s wide-reaching network and industry know-how make them an ideal partner as we aim to increase our support to the channel in taking market-pioneering services to their clients.”

Cyber security incident response

Lance Williams, Chief Technology Officer at Distology, said, “I am delighted to welcome S-RM into the Distology portfolio. They are a premier brand in cyber security incident response, helping hundreds of organisations in their greatest hour of need."

"It is no wonder S-RM is growing rapidly and we know our stakeholders will be excited to work with a firm with a proven pedigree in incident response.”

S-RM's cyber security steps for DORA compliance

Pioneering global cyber security and investigations consultancy S-RM has identified five critical steps for financial institutions and their ICT providers to achieve compliance with the Digital Operational Resilience Act (DORA), which will enter into force from 17 January 2025.

DORA establishes an EU-wide oversight framework designed to ensure the financial sector can withstand severe operational disruptions. Covering over 20,000 entities, including financial institutions, crypto-asset service providers, credit rating agencies, and ICT service providers, the regulation introduces strict requirements for cyber risk management, incident reporting, resilience testing and third-party risk monitoring.

Steps to prepare for DORA

To help organisations prepare for DORA, S-RM recommends the following steps:

- Conduct a gap analysis to identify weaknesses against DORA’s requirements and establish a targeted plan to address them
- Educate management on their responsibilities under DORA and adopt a top-down approach to cyber security
- Test incident preparedness and recovery with key business and IT stakeholders
- Ensure readiness to classify and report security incidents to relevant authorities within 24 hours
- Update contractual relationships with relevant ICT third parties to include obligations around information security and risk management as well as rights for inspection, access to information and secure exit strategies

Impact of cyber incidents

DORA marks a significant step in aligning cyber security requirements applied to critical national infrastructures across the EU and strengthening the operational resilience of the financial sector and critical ICT providers that support it. It represents both a challenge and an opportunity for the organisations that will be brought within its scope, including those companies headquartered in the UK with service offerings in the EU.

By following these steps, organisations can strongly position themselves to detect cyber threats, limit the impact of cyber incidents and prepare for the requirements that DORA imposes on them.

Cyber security practices

Katherine Kearns, Head of Proactive Cyber Services at S-RM, comments: “While DORA may seem complex, it essentially aggregates and prioritises many of the cyber security practices that financial entities in Europe have already been working towards."

"By focusing on the actionable steps outlined, organisations can not only meet compliance requirements but also strengthen their overall resilience to cyber threats. At S-RM, we remain committed to helping organisations navigate regulatory hurdles like DORA and build robust cyber resilience across their business.”
