Cyber threats to businesses “bigger than ever”
11 Apr 2018
The National Cyber Security Centre (NCSC) has warned that criminals are launching more online attacks on UK businesses than ever before.
The Cyber Threat to UK Business Industry 2017-2018 Report * details some of the biggest cyber attacks from the last year and notes that risks to UK businesses continue to grow.
Emerging threats are also highlighted, such as theft from cloud storage and cryptojacking, in which computers are hijacked to create cryptocurrencies such as bitcoin.
The report, jointly authored by the NCSC and the National Crime Agency (NCA) in collaboration with industry partners, notes that 2017 will be remembered as the year of ransomware attacks and massive data breaches, supply chain threats and fake news stories.
Between October 2016, when it first became operational, and the end of 2017 the NCSC recorded around 34 significant cyber attacks, and 762 less serious incidents.
The WannaCry ransomware attack in May, which spread rapidly and randomly due to its use of a self-replicating worm, was one of the biggest attacks seen last year. 300,000 devices were infected, spanning 150 countries and affecting services worldwide, including the NHS. The attack demonstrated the real-world harm that can result from cyber attacks, particularly when they are designed to self-replicate and spread.
It has also become clear that data is a valuable target for cyber adversaries, as demonstrated by the Yahoo, Uber and Equifax breaches.
Supply chain breaches are on the rise, as criminals target commercial software, compromising end users and harming the reputation of the software providers. The report says this is likely to continue because these threats are extremely difficult to mitigate: users download software or updates issued by the legitimate supplier and have no way of knowing that the software has been compromised. The NCSC has published guidance on supply chain security.
"The last year has seen no deceleration in the tempo and volume of cyber incidents, as attackers devise new ways to harm businesses and citizens around the globe," said NCSC chief executive Ciaran Martin.
"The NCSC’s aim is to make the UK an unattractive target to cyber criminals and certain nation states by increasing their risk, and reducing their return on investment.
"We have adopted a proactive approach to dealing with the increasingly challenging cyber landscape and in tandem with the NCA are taking a proactive approach to combating cyber crime."
The NCSC also warns that, with the number of devices connected to the Internet continually increasing, it is highly likely that we will see more attackers using the Internet of Things (IoT) to commit crimes. The NCSC contributed to a report, published in March 2018, setting out how government will work with industry to address the challenge of insecure consumer IoT.
Cloud security has also become an issue. Despite the fact that the majority of companies say they are concerned about encryption and security of data in the cloud, the report reveals that only 40 per cent of all data stored in the cloud is access secured.
"As more organisations decide to move data to the cloud (including confidential or sensitive information) it will become a tempting target for a range of cyber criminals.
"They will take advantage of the fact that many businesses put too much faith in the cloud providers and don’t stipulate how and where their data is stored. This could lead to high profile breaches involving UK citizen information."
Despite the growing threat identified in the report, according to Fujitsu’s Tech in a Transforming Britain Report, only 1 in 10 UK businesses think cybercrime and hacking are the biggest challenges to their business’ future economic success.
In order to protect your personal or business data from cyberattacks, Kaspersky Lab has published the following advice:
- Implement an advanced, multi-layered security solution that covers all networks, systems and endpoints.
- Educate and train your personnel on social engineering as this method is often used to make a victim open a malicious document or click on an infected link.
- Conduct regular security assessments of the organization's IT infrastructure.
- Use intelligence that tracks cyberattacks, incidents or threats and provides up-to-date relevant information that you may be unaware of.
Cybersecurity is not only for larger businesses and public organisations. SMEs are in fact some of the most vulnerable targets for cybercrime, and therefore this topic should be at the forefront of all business leaders’ minds.
When putting processes in place for effective business administration, sound management accounts will enable better control of your financial situation and awareness of the business in real time. This can be effective not only in detecting and countering fraud, but also in enhancing planning for the peaks and troughs. In turn, whilst many companies do not need an audit due to rising thresholds, an audit can give comfort to business owners and act as a fraud deterrent.
At Beavis Morgan, we work with SMEs to put processes in place which make it easier to run your business, reduce risk and maintain effective management of your company’s working capital.
IT security is a collective responsibility and it is essential that SMEs take the necessary steps to protect against cyber attacks. Read a copy of our briefing note ‘Is your business protected against cyber threats?’ for more advice to help SMEs safeguard against cybercrime and be prepared.
* Download the NCSC report to read in full - The Cyber Threat to UK Business 2017-2018 Report.