Britain should be prepared for a Category 1 cyber security emergency, according to the National Cyber Security Centre (NCSC). This means that national security, the economy, and even people’s lives will be at risk. However, despite this harsh warning, UK businesses still aren’t taking proactive, preventative action to stop these attacks from happening. So just where are UK businesses going wrong, and can they turn things around before it’s too late?
How businesses have responded
Since Brexit was announced in June 2016, 53% of UK businesses have increased their cyber security, according to the latest statistics. This is a direct result of published industry data which revealed that malware, phishing, and ransomware attacks will become the biggest threats once Britain leaves the EU. However, despite these efforts, figures reveal that British businesses have the smallest cyber security budgets of any country. They typically spend less than £900,000, whereas the average across the world is $1.46 million.
At risk of a Category 1 cyber attack
A Category 1 cyber attack is described by the NCSC as “A cyber attack which causes sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life.” To date, the UK has never witnessed such an attack. However, one of the most severe attacks in recent times was the 2017 NHS cyber attack, which was classed as a Category 2 because there was no imminent threat to life.
The NCSC says that they typically prevent 10 cyber attacks from occurring on a daily basis. However, as the organization believes that hostility from neighbouring nations is what drives these attacks every single day, they say that it’s only a matter of time before a Category 1 attack launches the country into chaos. NCSC's CEO Ciaran Martin states that "I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead, what we would call a Category 1 attack."
UK businesses under attack
The UK government’s ‘Cyber Security Breaches Survey 2019’ reveals that 32% of businesses report falling victim to a cyber-attack within the last 12 months. Figures also show that medium and large businesses are more likely to be hit due to them having larger turnovers.
2019 has already proven how cyber-attacks can affect organizations. At the start of June, it was revealed that the British police force had been forced to cease work with the forensic firm Eurofins following a ransomware attack. While the full impact of the attack hasn’t been revealed yet, the company currently deals with more than 50% of criminal cases handed over by the police, so the consequences are likely to be significant. As a result, the Crown Prosecution Service (CPS) assured the public that "The CPS is assessing current cases to identify any impact on criminal trials as a result of this attack, and will ensure all necessary action is taken to allow them to proceed fairly." It added that there was "no evidence to suggest that previous convictions were unsafe."
The security measures British organizations should be putting into place
In order for businesses to avoid falling victim to a cyber-attack, they need to take steps to safeguard their organization. This is particularly important for the 250 FTSE UK firms which The Guardian reports are most at risk of attack. Evidence suggests that these corporations are most vulnerable due to the age of the software that they are running. A review of the 2017 NHS cyber-attack found that old operating systems and databases were to blame for the WannaCry ransomware attack, which cost the NHS a total of £92 million.
With this in mind, all UK businesses should ensure they are running the latest systems and software and that they are regularly checking for and running updates on all the PCs and laptops within their organization. It can also be beneficial for organizations to rethink the computers that they use. Choosing to upgrade to custom-built PCs allows businesses to dictate exactly which software, systems, and features they do and don’t want. This is an ideal way to eliminate potential threats from unwanted and unnecessary software.
Protecting sensitive data
Sensitive data is something which all businesses handle. Whether it’s the bank account information of their employees, the addresses of their consumers, or industry data, it’s crucial that this information is kept secure at all times. Despite its importance, ‘The Data Security Money Pit: Expense In Depth Hinders Maturity’ study reveals that 62% of businesses have no idea where their company’s data is stored. Thankfully, Adaptive Data Loss Prevention (A-DLP) can and should be utilized as it’s an effective method to prevent the loss of any sensitive data that a company holds. As a security solution, A-DLP works by obscuring sensitive data when it is passed through a network while ensuring that there is no disruption to the service. This, therefore, eliminates the risk of the data falling into the wrong hands.
The UK is at high risk of facing a serious cyber threat in the near future, according to experts. As such, businesses need to ensure that they’re doing all they can to protect their organization, reputation, and the country from a malicious attack which could seriously impact the economy. The good news is that there are plenty of cyber security solutions available to aid businesses and point them in the right direction. But it’s now down to businesses to implement them.