If the headlines are to be believed, we have a looming cyber crime disaster on our hands: ‘Identity fraud reaching epidemic levels’; ‘Robot cracks safe live on Def Con’s stage’; ‘UK company directors unprepared for cyber attacks’. Is this sensationalist journalism, or are we facing an unprecedented threat to our cybersecurity?
Figures would suggest the latter. Last year, more than 3.8 million cyber crime offences were recorded. In response, the government announced plans to launch a new agency dedicated to protecting the UK from the threat of cyber attacks. The National Cyber Security Centre (NCSC) - part of GCHQ - opened in February this year, with a budget of £1.9 billion over the next 5 years.
It’s clear that the scale of the UK’s cybersecurity problem is vast, and that the government is taking the threat seriously. But what, exactly, are the biggest concerns and what can we do about them?
Today’s cybersecurity problem.
The ONS reported that phishing was the most common type of online crime last year, with 487,000 instances of people losing money through hacking or computer viruses. And while many organisations employ security frameworks to block potential email threats, there are cases where attacks have proven successful. For example, 7 in 10 UK universities recently admitted to falling foul of phishing attacks.
Extortion is another area of great concern. In May this year, our NHS was subjected to a ransomware attack by the WannaCry cryptoworm that forced the closure of everything but emergency services in hospitals around the UK. Worryingly, four months on, 39% of the UK’s critical national infrastructure (including the NHS, police and other emergency services) have not completed government-recommended cyber security preparations, leaving them vulnerable to further attacks.
While today we face these extraordinary threats, the future holds further concern. As our dependence on technology grows, we become increasingly vulnerable to exploitation.
Practically any product can be connected to the internet with a wireless chip: our clothes are smart, our household goods are wired for reordering at the click of a button, and our gyms ping us notifications when we turn up for a workout. While these Internet of Things (IoT) innovations serve to make consumers and businesses more efficient, they also leave us open to hackers.
According to Nick Shaw, VP of Norton Antivirus, no device is safe. He explains, “from laptops and mobile phones, to fitness trackers and routers to home security systems, smart TVs and baby monitors, any internet-connected device is a potential target”. And the threat isn’t confined to individuals: in 2016, the Mirai botnet exploited weaknesses in IoT devices to bring down sites such as Twitter, the Guardian, Netflix, Reddit, and CNN. Additionally, the NCSC warns that the most impactful IoT attacks will be directed at the building blocks on which the internet runs, rather than the innovative technology itself.
The NCSC further cautions that the rise of robotics poses a threat: “Robotic, unmanned and autonomous systems will increasingly bridge the gap between the virtual world and the real world over the next decade”. As with any connected device, it will be possible to hack them.
The wide-ranging cyber threats facing the UK require a proactive approach to prevention and mitigation. No organisation or individual can fully protect themselves from cyber crime, but there are things we can all do to reduce our risk.
We must first recognise that cybersecurity is everyone’s problem, and that means reporting every crime. In a recent report, the NCSC explained that “cyber crime is widely under-reported both by industry and individuals. Action Fraud only received 1,073 cyber dependent crime reports from businesses in the year ending October 2016…Having an accurate understanding of the impact of cyber attacks helps us understand how to resource and fund the fight back.”
They further highlight the need for unified solutions within organisations: “Cybersecurity is most effective when integrated well with risk management”. To successfully thwart attempted attacks, companies must embed into their existing and evolving processes security measures that are far harder to disrupt than their predecessors.
Additionally, as we reported in a recent article, there is a significant skills gap in cybersecurity, but steps are being taken to address this. The National College of Cybersecurity at Bletchley Park will soon train gifted and talented school leavers in cybersecurity skills, the government-sponsored Cyber Retraining Academy retrains adult professionals for transition into cybersecurity roles, and Inspired Careers offers advice to those seeking a career in the field.
In truth, there is no ‘right’ solution to the UK’s cybersecurity problem. The ever-evolving technology landscape means that cybersecurity is a constantly moving target and, therefore, solutions must have an inbuilt agility. Most importantly, a mindset of prevention rather than cure is a necessity: forward-thinking, proactive measures to avert problems before they arise will serve us a hundred times better than reactive ones retrofitted in the aftermath of an attack.