Cyber attacks against UK businesses increased to unprecedented levels in 2017, according to the UK’s National Cyber Security Centre. “Criminals are launching more online attacks on UK businesses than ever before,” a summary accompanying the report said.
Companies across the country are facing an increase in online criminal threats from a variety of weaknesses, including poor security training and weaknesses in the supply chain.
On top of this, an increase in malware variants is also causing problems for UK businesses. The report highlighted theft from cloud storage as an emerging threat, with the NCSC arguing that too many businesses put their faith in the cloud.
“As more organisations decide to move data to the cloud (including confidential or sensitive information), it will become a tempting target for a range of cyber criminals,” said the report.
“They will take advantage of the fact that many businesses put too much faith in the cloud providers and don’t stipulate how and where their data is stored. This could lead to high profile breaches involving UK citizen information.”
Team effort
The report, Cyber Threat to UK Business Industry 2017-2018, was published today to coincide with the opening of a three-day conference in Manchester, organised by the NCSC, which is expected to attract 1,800 cybersecurity experts from law enforcement, government and the private sector.
Ciaran Martin, head of the NCSC, said: “The last year has seen no deceleration in the tempo and volume of cyber incidents, as attackers devise new ways to harm businesses and citizens around the globe.”
“The NCSC’s aim is to make the UK an unattractive target to cyber criminals and certain nation states by increasing their risk and reducing their return on investment.”
All sectors at risk
This report has shown that organisations across both the private and public sector are at great risk of cyber attacks, according to Raj Samani, chief scientist and fellow at McAfee.
“From critical national infrastructure and large businesses, to Dublin Zoo, all organisations need to understand that the data they hold and possible disruption to services makes them a hot target for cyber criminals.”
“The NCSC rightly highlights the importance of collaboration in underpinning the UK’s response to cyber attacks. One way to do this is in adopting threat intelligence sharing. In learning about the attacks that other similar organisations are facing, IT and security professionals can ensure that they are prepared to defend against the popular attacks of the day.”
Security: A culture problem?
Despite the growing threat identified in the NCSC’s report, according to not-yet-released data from Fujitsu’s Tech in a Transforming Britain report, only 1 in 10 UK businesses think cybercrime and hacking are the biggest challenges to their business’ future economic success, with even fewer (6%) believing the same about its impact on the UK’s economic future today.
Events over the past year have clearly demonstrated the financial and reputational cost to any organisation of suffering a major security breach. As a result, these figures from Fujitsu are alarming.
Data sharing
Over a third (34%) of the UK public are happy to share their personal data with companies and the Government (if it benefits themselves/society). Each organisation, therefore, has an obligation to make data protection as much of a priority as the public, who are regularly asked to hand over financial and other personal data.
This is especially important when considering the UK public are more concerned by the impact of cybercrime and hacking on the UK: indeed, a fifth (20%) of the UK public see this as the biggest challenge facing the UK today – above both global economic uncertainty and the skills gap.
As a result of this, recent years have seen a steep increase in customer demand for services that ensure they can properly defend themselves from attacks that have the potential to put them out of business.
Whilst UK businesses are clearly aware and conscious about implementing security measures, half (48%) still point to cyber security as the biggest operational challenge facing their organisation.
As security should underpin any business plans, organisations and employees should be better educated on the value of security and the best strategy and measures for protecting customers, employees and the wider business.
Responding to the figures, Rob Norris, VP head of Enterprise and Cyber Security EMEIA at Fujitsu said: “With threats we face today only set to rise, all organisations in the public or private sector, no matter what shape or size, are vulnerable to a cyber attack. With the ripple effect of an attack no longer within the four walls of an organisation, businesses need to rethink their approach and stop defying cyber security practices.”
“Although organisational awareness is on the rise, many still struggle to put the right measures in place to safeguard employees, customers and the broader business. Because even the best-run company could suffer from a hack or data breach, organisations should adopt a two-pronged approach by complementing employee training and awareness with continued investment in technical and security controls. In doing so, businesses can be on the front foot for proactively identifying and managing threats instead of waiting for breaches to happen.”
“After all, cybercrime is not a probability, it is an inevitability, and it will be the way in which businesses prepare for it, however, that can make all the difference.”
Staying prepared
David Emm, principal security researcher at Kaspersky Lab, has offered some key advice for businesses to stay protected in light of the findings from the NCSC report.
“Businesses come in all shapes and sizes, but in today’s world, no organisation, large or small, can afford to ignore online security. Whether you’re a team operating out of an office, or an individual working from home, cyber security is an issue that every business should prioritise. In light of the recent findings from the National Cyber Security Centre, it simply comes down to being prepared – and there are several steps that businesses should take to arm themselves against threats. Although businesses have no direct control over the growth of cybercrime, by taking simple steps to secure their internal systems, they can reduce their exposure to attack.”
Kaspersky Lab offers the following advice for businesses to stay prepared:
Conduct a security audit – Identifying your business’s security strengths, weaknesses and opportunities for improvements will provide a good foundation for your future decision-making process on appropriate technology and other measures.
Choose the right anti-malware protection – Choosing the right security software will allow you to feel relaxed and comfortable that your business is adequately protected, without the hassle of managing an expensive or overly elaborate security solution.
Keep your software up to date – Apply updates to your operating systems and applications as soon as they become available (switch on automatic updates where this is available). Remember, programs that haven’t been updated are one of the key means that cybercriminals use to hack businesses.
Back up – Plan for the worst-case scenario: infection. It’s vital to back up your files – so that, if your documents are compromised, you can restore your files with minimal disruption.
Educate your staff about browsing behaviours – The starting point for most attacks is tricking people into doing something that allows attackers to get a foothold. Therefore, proactively educating your staff about the impact their online activity can have on the business will help to reduce your exposure to online threats significantly.