Cyber threat to UK business is ‘significant and growing’

Cyber crime - Image credit: elhombredenegro via Flickr

The cyber threat to UK business is “significant and growing”, according to a new security report.

The first joint report by the new National Cyber Security Centre (NCSC) and the National Crime Agency (NCA), The Cyber Threat to UK Business, also warns that cyber attacks in the past year have reached a “scale and boldness not seen before”.

In the three months since its creation, the NCSC has tackled 188 high-level attacks that were serious enough to warrant its attention.

RELATED CONTENT

Cyber security is no longer just about financial and reputational loss

MPs blast UK Government for 'chaotic' approach to tackling cyber crime

Philip Hammond tells business to ‘sharpen its approach’ to preventing cyber attacks, as Queen opens new cyber security centre

Three key threat trends are highlighted by the two agencies: that technical expertise is not necessary to carry out attacks, that there are more opportunities as the number of connected devices increases and that criminal groups are learning from one another.

The document sets out a new wave of cyber threats, including an increase in the use of extortion as attacks become “more aggressive and confrontational”, more large-scale attacks from internet of things (IoT) botnets and a growing use of mobile malware, such as malicious or fake apps and SMS phishing attacks.

However, the report said that the most “impactful” attacks in 2017 would be “directed at building blocks on which the internet runs, rather than innovative technology”.

There will also be more targeted attacks on industrial connected devices, such as energy smart meters, networked security cameras and automation like connected indoor lighting.

“A stark example of this was seen in Finland in 2016, when denial of service conditions disabled residential automated heating systems in apartment blocks for more than a week,” the report says.

Organisations should also be prepared for attacks that tamper with data, rather than simply stealing or denying access to it, and for attribution of attacks to become more difficult as malware becomes more tailored to each victim.

In order to fight back, the report says businesses must report attacks, promote awareness within teams, encourage stronger “cyber hygiene” and boost training for staff, and integrate their cyber security measures with risk management.

It stressed that a collaborative approach is necessary to achieve the UK Government aim of making Britain “a secure and resilient digital nation”.

The report said: “A key aspect of this strategy is through robust engagement and an active partnership between government, industry and law enforcement to significantly enhance the levels of cyber security across UK networks.”