Cyber criminals are launching more online attacks on UK businesses than ever before, a report from the National Cyber Security Centre (NCSC) revealed last week – adding that firms face a ‘growing threat’ from ransomware, data breaches and weaknesses in the supply chain.
The report, written in collaboration with the National Crime Agency (NCA), warned that basic cyber security strength “is no longer enough” and said most attacks will be defeated by organisations which prioritise cybersecurity and work closely with government and law enforcement.
“UK business faces a cyber threat which is growing in scale and complexity,” commented Donald Toon, director of the NCA’s Prosperity Command.
“Organisations which don’t take cybersecurity extremely seriously in the next year are risking serious financial and reputational consequences,” he continued.
With “every single UK organisation in danger,” a fundamental shift in thinking is needed to tackle the problem, according to one cyber security expert.
The ‘attack surface’ for organisations is growing “exponentially” through the increasing use of IoT, mobile and BYOD computing, and digital supply chains – all of which provide hackers with a myriad of new entry points to make their assaults, says Matt Walmsley, director for EMEA at cyber security firm Vectra.
“The harsh reality is that the frequent evidence of breaches shows that even well-resourced organisations can and will be compromised as every defence is imperfect and something always gets through,” Walmsley said.
“We need to quickly adopt a ‘I’m already compromised’ mentality, and put in place security capabilities that not only block known threats, but that are smart enough to detect and respond in real-time to active threats that have defeated or bypassed defensive controls and gained access and persistence within the organisation,” he went on to say. “Only then do we have the chance to get ahead of the attacks before they become critical security incidents.
However, many organisations remain complacent when it comes to cybersecurity – and small businesses in particular tend to underestimate the threat they face, according to Jeff Somers, president of Insureon.
“Many businesses don’t believe that they have any kind of information available that would be interesting to a hacker, when in fact, whether it’s customer data, credit card information, or purchasing behaviour, they probably hold information that would be interesting to one,” he told Insurance Business.
The NCSC and NCA report also warned that no matter how good a company’s cybersecurity, it remains at risk if not matched by third-party service and software providers – a sentiment echoed by Somers.
He added: “Most small businesses are running a point of sale system that typically a third-party might be protecting. They have to think about whether that system could be vulnerable to attack, and what that might mean for their business.”