The stark reality of today’s cyber threats


It may feel like a new cyberattack becomes headline news on a weekly basis. But the frightening reality is that reported cyberattacks are merely the tip of the iceberg.

At the recent CollabDays in Helsinki, world-renowned cyber security expert Sami Laiho opened our eyes to the scale of the cybersecurity issues we face today. Here, we’ll share his fascinating insights. But we’ll also show you what to do about them.


Did you know…? Cyberattacks in numbers

When it comes to cyberattacks, the numbers are sobering.

2 hours: On average, it takes a mere two hours from the moment an attacker breaches your network to the point they have full control of your systems. Remember, that’s an average. In some cases, it will be minutes whilst others could take four hours.

180 days: Attackers can linger undetected inside your business environment for up to 180 days before triggering the final blow. That’s six months of reconnaissance, quietly gathering data and positioning themselves for maximum damage. You’d think that the day you receive the ransom demand would be the starting point. But your attacker may have been lurking within your system for months before that.

5%: Only a small percentage of companies go public when they’ve been hit. Legislation like GDPR states that breaches must be reported within 72 hours. But the vast majority of organisations don’t share that news.

The reality? Attacks are more common than the headlines suggest. We’re totally underestimating the gigantic business of ransomware. And that is our biggest threat currently.


Ransomware gangs and how they operate

Today’s cybercrime is run like organised crime. Ransomware gangs operate more like mafia-style businesses. You may think of a lone teenager in a hoodie hacking into systems. But they’re only a small player in a much larger organisation.

Ransomware gangs can easily be compared to mafia gangs. They tend not to do the dirty work themselves. They create and sell the tools, but they don’t necessarily carry out the attacks.

Affiliates are employed to do that bit. They purchase stolen credentials or vulnerabilities cheaply, then execute the attacks on behalf of the gangs. They use “access harvest operators” to find the user credentials for them. These are often young kids who are adept at creating scripts.

Rather like a franchise model, the affiliates take 60–80% of ransom payments. The rest goes back to the central organisation. These criminal operations are structured, resourced and constantly evolving.

You may think of cybercrime as amateur. It’s certainly not. It’s professional, scalable and relentless.


The potential entry points in your house

Attackers don’t just enter your environment through phishing emails these days. Increasingly, they exploit the devices sitting quietly on your network. Look around you and check how many things are connected to your network.

There are obvious items like internet routers and firewalls. Then there’s technology such as doorbell cameras and CCTV. Even smart appliances like air fryers and washing machines can provide cybercriminals with access to your network.

If these devices are left unpatched or secured with default passwords, they’re open doors to your environment. If you plug in a new router without changing the password, within four minutes anyone can access your network. Most major ransomware events begin with compromised Linux-based IoT devices before spreading into Windows environments where they can do major damage.

Think of every connected device as a possible window into your house. If you wouldn’t leave the front door open, don’t leave your camera or router unprotected.


Jaguar Land Rover: a case study in supply chain disruption

The recent Jaguar Land Rover cyberattack is a stark reminder that when one organisation falls, the ripples spread much further.

On 31st August 2025, Jaguar Land Rover detected a cyber intrusion and responded by proactively shutting down many of its IT systems worldwide to contain the damage. This halted production at multiple factories. And manufacturing won’t resume until October at the earliest.

The disruption has had substantial knock-on effects on Jaguar Land Rover’s supply chain. Many parts suppliers – from major manufacturers to small businesses – suddenly faced unpaid invoices and idle production lines. Some have already laid off workers.

It’s reported that Jaguar Land Rover’s losses will run into hundreds of millions of pounds. But this has gone beyond just a company problem. It’s impacted thousands of jobs and disrupted global supply chains. The UK government has had to step in with a £1.5 billion loan guarantee.

There are important lessons to learn for any business. An attack on one organisation can have a knock-on effect across its entire ecosystem. Losses that a major corporation may overcome can be the end of the smaller businesses that rely on it.

One further lesson is that people assume it can’t happen to them twice. It can, and it does. Keep investing in security systems and best practices.


What can IT teams do?

Attackers are fast, resourceful and professional. Their methods are increasingly sophisticated. But there are practical steps every IT team can take to reduce their risk.

1. Patch quickly: Attackers exploit vulnerabilities within days (sometimes hours) of disclosure. Don’t let a known weakness stay open.

2. Protect remote access: If you use RDP or VPNs, you must make multi-factor authentication (MFA) mandatory.

3. Harden logs: Store at least a year’s worth of logs, in a format attackers can’t erase.

4. Secure IoT devices: Change default passwords, segment them from critical networks and keep firmware updated.

5. Plan for resilience: Conduct regular backups. Test incident response plans. Hold risk management conversations at board level – that’s no longer optional.
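Step 3 asks for logs an attacker can’t erase. The Python example below is added here and is not from the talk or from Mirus IT: it chains log records with an HMAC so that edited, removed or truncated records are detected, and checks that the surviving log still covers a year. The key, field names and sample events are constructed assumptions, and the chain provides tamper evidence alongside write-once storage, not instead of it.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta

GENESIS = "0" * 64  # fixed starting value for the chain

def _mac(key, prev, entry):
    body = json.dumps(entry, sort_keys=True)
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()

def seal(entries, key):
    """Link every entry to the one before it; returns (records, head)."""
    prev, records = GENESIS, []
    for entry in entries:
        mac = _mac(key, prev, entry)
        records.append({"entry": entry, "mac": mac})
        prev = mac
    return records, prev

def first_break(records, key, trusted_head):
    """Index of the first altered or missing record, or None if intact."""
    prev = GENESIS
    for i, rec in enumerate(records):
        expected = _mac(key, prev, rec["entry"])
        if not hmac.compare_digest(expected, rec["mac"]):
            return i
        prev = expected
    # Tail deletion leaves a valid but shorter chain; only the head
    # value kept off the logging host exposes it.
    return None if hmac.compare_digest(prev, trusted_head) else len(records)

def covers_retention(records, now, days=365):
    """True when the oldest surviving record is at least `days` old."""
    if not records:
        return False
    oldest = datetime.fromisoformat(records[0]["entry"]["ts"])
    return now - oldest >= timedelta(days=days)

# Constructed sample data: key, timestamps and events are illustrative only.
KEY = b"example-key-kept-off-the-log-host"
SAMPLE = [
    {"ts": "2024-09-01T08:00:00", "event": "vpn login alice mfa=ok"},
    {"ts": "2025-03-14T02:11:00", "event": "rdp login svc-backup mfa=none"},
    {"ts": "2025-08-31T23:40:00", "event": "audit log cleared on host fs01"},
]
RECORDS, HEAD = seal(SAMPLE, KEY)
```

Keep the key and the latest head value on a separate system from the log host; otherwise whoever controls the host can re-seal a shortened log.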



Cyber security FAQs: Lessons from recent attacks

Q: How quickly can cyber attackers take control of a system?

On average, attackers need just two hours from breaching your network to gaining full control. In some cases, it can happen in minutes.

Q: How long can hackers stay undetected in a company’s systems?

Attackers can remain hidden for up to 180 days, silently gathering data before launching their attack.

Q: Do companies always report cyberattacks?

No. Despite GDPR requiring breaches to be reported within 72 hours, only around 5% of organisations go public.

Q: How do ransomware gangs actually work?

Modern ransomware is run like organised crime. Gangs create the tools, then affiliates carry out the attacks. Affiliates keep 60–80% of the ransom, while the gangs take the rest.

Q: What devices are most at risk from hackers?

Any internet-connected device can be an entry point. This includes routers, CCTV, doorbell cameras and even smart appliances like washing machines or air fryers if left unpatched or with default passwords.

Q: What can businesses learn from the Jaguar Land Rover cyberattack?

A single breach can disrupt global supply chains, halt production and cost hundreds of millions. The ripple effects can damage smaller suppliers and even lead to job losses.

Q: Can cyberattacks happen more than once to the same company?

Yes. Organisations often assume lightning won’t strike twice – but repeated attacks are common if systems aren’t continually strengthened.

Q: What practical steps can IT teams take to reduce cyber risk?

• Patch vulnerabilities quickly.

• Use multi-factor authentication (MFA) for remote access.

• Keep at least one year’s worth of secure logs.

• Change default passwords on IoT devices and keep firmware updated.

• Regularly back up data and test your incident response plan.

Q: Where can I get help with cyber security for my business?

Mirus IT provides managed cyber security services, including compliance, identity and access management, threat detection and endpoint protection.

Our IT security experts are here to help you

Cyberattacks happen daily. And their effects ripple across business ecosystems with sometimes devastating results. With cybercrime growing and evolving, it’s vital to be prepared for when – not if – that attack comes.

But remember, you’re not alone. By partnering with us at Mirus IT, you’ll have support to implement the best security systems and practices for your business. Our IT security services span cybersecurity and compliance, identity and access, managed IT detection and response and managed endpoint detection and response.

Keep your eyes peeled for details of our upcoming webinar in mid-November: The Frightening Reality of Today’s Threat Landscape. Join us for a free session hosted by Mostyn Thomas, cyber security expert at Pax8, where we’ll explore the current threat environment, share real-world insights, and provide actionable steps to help safeguard your business.

Need some advice on your best steps to take? Chat to us to work out the best security solutions for your business.