UK businesses face increasing threat from cyber attacks, but do they care?

The findings of the annual report from the National Cyber Security Centre today revealed that UK businesses are facing a growing threat from cyber attacks UK businesses face increasing threat from cyber attacks, but do they care? image

Cyber attacks against UK businesses increased to unprecedented levels in 2017, according to the UK’s National Cyber Security Centre. “Criminals are launching more online attacks on UK businesses than ever before,” a summary accompanying the report said.

Companies across the country are facing an increase in online criminal threats from a variety of weaknesses, including poor security training and weaknesses in the supply chain.

On top of this, an increase in malware variants is also causing problems for UK businesses. The report highlighted theft from cloud storage as an emerging threat, which the NCSC argues too many businesses put their faith in.

>See also: 1,000+ cyber incidents reported to NCSC in first year of operation

“As more organisations decide to move data to the cloud (including confidential or sensitive information), it will become a tempting target for a range of cyber criminals,” said the report.

“They will take advantage of the fact that many businesses put too much faith in the cloud providers and don’t stipulate how and where their data is stored. This could lead to high profile breaches involving UK citizen information.”

Team effort

The report, Cyber Threat to UK Business Industry 2017-2018, was published today to coincide with the opening of a three-day conference in Manchester, organised by the NCSC, which is expected to attracted 1,800 cybersecurity experts from law enforcement, government and the private sector.

Ciaran Martin, head of the NCSC, said: “The last year has seen no deceleration in the tempo and volume of cyber incidents, as attackers devise new ways to harm businesses and citizens around the globe.”

>See also: Cyber security priorities for political parties

“The NCSC’s aim is to make the UK an unattractive target to cyber criminals and certain nation states by increasing their risk and reducing their return on investment.”

All sectors at risk

This report has shown that organisations across both the private and public sector are at great risk of cyber attacks, according to Raj Samani, chief scientist and fellow at McAfee.

“From critical national infrastructure and large businesses, to Dublin Zoo, all organisations need to understand that the data they hold and possible disruption to services makes them a hot target for cyber criminals.”

“The NCSC rightly highlights the importance of collaboration in underpinning the UK’s response to cyber attacks. One way to do this in in adopting threat intelligence sharing. In learning about the attacks that other similar organisations are facing, IT and security professionals can ensure that they are prepared to defend against the popular attacks of the day.”

Security: A culture problem?

Despite the growing threat identified in the NCSC’s report, according to not-yet-released data from Fujitsu’s Tech in a Transforming Britain report, only 1 in 10 UK businesses think cybercrime and hacking are the biggest challenges to their business’ future economic success, with even less (6%) believing the same about its impact on the UK’s economic future today.

>See also: Combating the cyber security skills gap at the largest ethical hacking challenge in the UK

Events over the past year have clearly demonstrated the financial and reputational cost of suffering a major security breach, to any organisation. And as a result, these figures from Fujitsu are alarming.

Data sharing

Over a third (34%) of the UK public happy to share their personal data with companies and the Government (if it benefits themselves/society). Each organisation, therefore, has an obligation to make data protection as much of a priority as the public, who are regularly asked to hand over financial and other personal data.

This is especially important when considering the UK public are more concerned by the impact of cybercrime and hacking to the UK: indeed, a fifth (20%) of the UK public see this as the biggest challenge facing the UK today – above both global economic uncertainty and the skills gap.

As a result of this, recent years has seen a steep increase in customer demand for services that ensure they can properly defend themselves from attacks that have the potential to put them out of company.

Whilst UK businesses are clearly aware and conscious about implementing security measures, half (48%) still point to cyber security as the biggest operational challenge facing their organisation.

>See also: Unlocking cyber innovation in the UK 

As security should underpin any business plans, organisations and employees should be better educated on the value of security and the best strategy and measures for protecting customers, employees and the wider business.

Responding to the figures, Rob Norris, VP head of Enterprise and Cyber Security EMEIA at Fujitsu said: “With threats we face today only set to rise, all organisations in the public or private sector, no matter what shape or size, are vulnerable to a cyber attack. With the ripple effect of an attack no longer within the four walls of an organisation, businesses need to rethink their approach and stop defying cyber security practices.”

“Although organisational awareness is on the rise, many still struggle to put in place the right measures in place to safeguard employees, customers and the broader business. Because even the best-run company could suffer from a hack or data breach, organisations should adopt a two-pronged approach by complimenting employee training and awareness with continued investment in technical and security controls. In doing so, businesses can be on the front foot for proactively identifying and managing threats instead of waiting for breaches to happen.”

>See also: Cyber security threat is just as serious as terrorism – GCHQ

“After all, cybercrime is not a probability, it is an inevitability and it will be the way in which businesses prepare for it however, that can make all the difference.”

Staying prepared

David Emm, principal security researcher at Kaspersky Lab, has offered some key advice for businesses to stay protected in light of the findings from the NCSC report.

“Businesses come in all shapes and sizes, but in today’s world, no organisation, large or small, can afford to ignore online security. Whether you’re a team operating out of an office, or an individual working from home, cyber security is an issue that every business should prioritise. In light of the recent findings from the National Cyber Security Centre, it simply comes down to being prepared – and there are several steps that businesses should take to arm themselves against threats. Although businesses have no direct control over the growth of cybercrime, by taking simple steps to secure their internal systems, they can reduce their exposure to attack.”

>See also: Need to ‘improve’ the cyber security in industrial control systems

Kaspersky Lab recommends the following advice for businesses to stay prepared:

Conduct a security audit – Identifying your business’s security strengths, weaknesses and opportunities for improvements will provide a good foundation for your future decision-making process on appropriate technology and other measures
Choose the right anti-malware protection – Choosing the right security software will allow you to feel relaxed and comfortable that your business is adequately protected, without the hassle of managing an expensive or overly elaborate security solution.
Keep your software up to date – Apply updates to your operating systems and applications as soon as they become available (switch on automatic updates where this is available). Remember, programs that haven’t been updated are one of the key means that cybercriminals use to hack businesses
Back up – Plan for the worst-case scenario: infection. It’s vital to backup your files – so that, if your documents are compromised, you can restore your files with minimal disruption
Educate your staff about browsing behaviours – The starting point for most attacks is tricking people into doing something that allows attackers to get a foothold. Therefore, proactively educating your staff about the impact their online activity can have on the business will help to reduce your exposure to online threats significantly.

Latest news

divider
Data Protection & Privacy
Data breaches – It’s not just digital, physical data breaches matter too

Data breaches – It’s not just digital, physical data breaches matter too

15 January 2019 / Data breaches are most commonly associated to online or digital where a large corporation or [...]

divider
Digital Transformation
As Windows 7 waits on death row, enterprises remain unprepared

As Windows 7 waits on death row, enterprises remain unprepared

15 January 2019 / The one-year countdown has begun. On January 14th 2020, Windows 7 will be no more! [...]

divider
Diversity
Tech Talent Charter: Tackling gender diversity in tech through collaboration

Tech Talent Charter: Tackling gender diversity in tech through collaboration

15 January 2019 / The Tech Talent Charter — partner of Information Age’s Women in IT Awards Series — [...]

divider
Digital Transformation
Reshaping the professional landscape with digital transformation 2.0

Reshaping the professional landscape with digital transformation 2.0

15 January 2019 / In recent years, the arrival and implementation of technologies such as cloud computing, 4G, and [...]

divider
Retail
Hybrid cloud for retailers: Is it the gateway to digital transformation?

Hybrid cloud for retailers: Is it the gateway to digital transformation?

15 January 2019 / Retailers have traditionally been focused on selling, rather than solving problems for customers. But unless [...]

divider
Digital Transformation
Digital transformation in the telecom industry

Digital transformation in the telecom industry

15 January 2019 / Digital change is happening in entire industries, transforming them from incumbents to innovators. The telecom [...]

divider
Data Protection & Privacy
Why privacy by design is like going to gym

Why privacy by design is like going to gym

15 January 2019 / If you are heading for the beach the next day, and you are worried about [...]

divider
Cybersecurity
The DDoS landscape: where we are, and where we’re going

The DDoS landscape: where we are, and where we’re going

14 January 2019 / If a week is a long time in politics, as former British Prime Minister Harold [...]

divider
Digital Transformation
The next stage of business change: Human-centred digital transformation

The next stage of business change: Human-centred digital transformation

14 January 2019 / This year, understanding of digital technologies like big data and analytics, machine learning (ML) and [...]

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest