Behind the Breach: How Ransomware Gets In
In the second episode of our State of Ransomware series with Sophos, Brian Sibley, Virtual CTO at Espria, and Jon Hope, Cyber Security Evangelist at Sophos, talk about what goes on behind the breach and how ransomware gets in.
In this episode the team explore the major technical and operational root causes that lead to ransomware incidents in the UK, why exploited vulnerabilities are the leading technical cause and what preventative strategies you can put in place. Don’t let your business become a statistic in the next State of Ransomware report.
This podcast episode delves into ransomware, exploring how it infiltrates organisations, its root causes, and the defence strategies for prevention. The discussion highlights the complexity of ransomware attacks, emphasising both technological vulnerabilities and human factors.
Ransomware attacks stem from multiple factors, with the most common technical cause being exploited vulnerabilities in software, accounting for approximately 32% of successful attacks. These are known software flaws that attackers exploit, typically because patching was late or incomplete, a gap the speakers attribute to limited resources and skills within organisations.
Human factors also play a significant role. Compromised credentials, often a result of social engineering tactics like fake help desk calls or fraudulent websites, represent another major vector. These attacks are difficult to detect because stolen credentials enable cybercriminals to log in legitimately, making the intrusion hard to distinguish from genuine user activity.
Phishing and malicious emails further contribute to ransomware entry points. These require user interaction and are becoming increasingly sophisticated due to the use of artificial intelligence (AI) by attackers. AI enables cybercriminals to craft convincing emails that mimic trusted brands, using appropriate language and branding to deceive recipients.
Despite awareness, organisations often struggle with vulnerability management due to operational challenges such as a lack of skilled personnel, insufficient time, and security gaps. Ransomware attacks can also expose previously unrecognised weaknesses within an organisation’s security posture.
Detection technologies face difficulties, particularly with attacks involving stolen credentials and sophisticated phishing. Logs generated by network devices contain valuable information about attack chains, including unauthorised access, lateral movement, data exfiltration, and file encryption. However, interpreting these logs requires skilled threat hunters and continuous monitoring, which many organisations lack due to resource constraints.
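The chain described above (a logon with valid credentials, lateral movement, then encryption) only stands out when the logs are correlated against a baseline of what is normal for the user. The following is an added example, not code from the podcast, Sophos or Espria: a small Python correlator run over constructed sample telemetry. The one-JSON-object-per-line schema (`ts`, `event`, `user`, `src`, `dst`, `detail`), the `KNOWN_SOURCES` baseline and the thresholds `LATERAL_HOSTS` and `RENAME_BURST` are all assumptions for illustration. It flags a user whose successful logon came from an address never seen before and who then, within a two-hour window, reaches several hosts over SMB and renames a burst of files to one new extension.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs). Assumed normalised schema:
# one JSON object per line with ts, event, user, src, dst, detail.
SAMPLE_LINES = [
    '{"ts":"2024-03-01T02:11:05","event":"logon_success","user":"jsmith","src":"203.0.113.9","dst":"vpn-gw","detail":""}',
    '{"ts":"2024-03-01T02:14:40","event":"smb_session","user":"jsmith","src":"10.0.5.21","dst":"fs01","detail":""}',
    '{"ts":"2024-03-01T02:15:02","event":"smb_session","user":"jsmith","src":"10.0.5.21","dst":"fs02","detail":""}',
    '{"ts":"2024-03-01T02:15:30","event":"smb_session","user":"jsmith","src":"10.0.5.21","dst":"dc01","detail":""}',
    '{"ts":"2024-03-01T02:16:11","event":"smb_session","user":"jsmith","src":"10.0.5.21","dst":"sql01","detail":""}',
    # Benign admin: logon from a known source and one SMB session, no renames.
    '{"ts":"2024-03-01T09:00:00","event":"logon_success","user":"admin","src":"10.0.1.5","dst":"vpn-gw","detail":""}',
    '{"ts":"2024-03-01T09:05:00","event":"smb_session","user":"admin","src":"10.0.1.5","dst":"fs01","detail":""}',
]
# Constructed burst of 30 renames to one new extension on fs01, two seconds apart.
for _i in range(30):
    _ts = (datetime(2024, 3, 1, 2, 20, 0) + timedelta(seconds=2 * _i)).isoformat()
    SAMPLE_LINES.append(json.dumps({
        "ts": _ts, "event": "file_rename", "user": "jsmith", "src": "10.0.5.21",
        "dst": "fs01", "detail": f"share/finance/doc{_i}.xlsx -> doc{_i}.xlsx.lck9"}))

# Assumed baseline: source addresses each user has previously logged in from.
KNOWN_SOURCES = {"jsmith": {"10.0.5.21"}, "admin": {"10.0.1.5"}}

WINDOW = timedelta(hours=2)  # how long after the suspect logon we correlate
LATERAL_HOSTS = 3            # distinct SMB targets that count as lateral movement
RENAME_BURST = 20            # renames into one new extension that count as a burst


def parse(lines):
    """Parse JSON lines into event dicts with a datetime ts, grouped and sorted per user."""
    by_user = defaultdict(list)
    for line in lines:
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        by_user[ev["user"]].append(ev)
    for evs in by_user.values():
        evs.sort(key=lambda e: e["ts"])
    return by_user


def new_extension(detail):
    """Extension the file was renamed to, e.g. 'lck9' from 'a.xlsx -> a.xlsx.lck9'."""
    _, _, new_name = detail.partition("->")
    new_name = new_name.strip()
    return new_name.rsplit(".", 1)[1] if "." in new_name else ""


def score_user(user, events, known_sources):
    """Return the chain stages observed after a logon from an unknown source."""
    stages = []
    suspect = next((e for e in events if e["event"] == "logon_success"
                    and e["src"] not in known_sources.get(user, set())), None)
    if suspect is None:
        return stages  # every logon came from a known source: nothing to correlate
    stages.append("logon_from_unknown_source")
    window = [e for e in events if suspect["ts"] <= e["ts"] <= suspect["ts"] + WINDOW]
    hosts = {e["dst"] for e in window if e["event"] == "smb_session"}
    if len(hosts) >= LATERAL_HOSTS:
        stages.append("lateral_movement")
    exts = Counter(new_extension(e["detail"]) for e in window if e["event"] == "file_rename")
    if exts and exts.most_common(1)[0][1] >= RENAME_BURST:
        stages.append("mass_rename")
    return stages


def detect(lines, known_sources=KNOWN_SOURCES):
    """Map each user with a suspect logon to the chain stages seen; others are omitted."""
    findings = {}
    for user, evs in parse(lines).items():
        stages = score_user(user, evs, known_sources)
        if stages:
            findings[user] = stages
    return findings


if __name__ == "__main__":
    for user, stages in detect(SAMPLE_LINES).items():
        print(user, "->", " > ".join(stages))
```

The point to notice is that the first stage is invisible to a signature: the logon succeeded with the real password. It is only the baseline (`KNOWN_SOURCES`) that makes it suspicious, and only the later stages that raise it to an incident, which is why the speakers stress both log consolidation and a person who can read the chain. Real thresholds and the baseline would be tuned per environment.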
Platforms like Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) systems help consolidate logs for analysis, but human expertise remains crucial to identify and respond to threats effectively. Managed Detection and Response (MDR) services offer a practical solution by providing round-the-clock monitoring and expert analysis without requiring organisations to hire full-time specialists.
The discussion underscores the value of human-led threat hunting combined with integrated security tools that provide a holistic view of an organisation’s security posture. Effective protection relies not only on endpoint security but also on data from various sources, including email systems and backup solutions.
Recovery planning, visibility into the IT estate, and early warning systems are critical components of a resilient cybersecurity strategy. Organisations should strive to detect and stop attacks before damage occurs, as recovery, while improving, is a last resort.
This podcast episode offers a comprehensive overview of ransomware infiltration methods, highlighting the interplay of technological vulnerabilities and human factors. It stresses the need for timely patching, user education, advanced detection technologies and human expertise in threat hunting.