The cyber-threat facing British firms is “bigger than ever”, cybersecurity chiefs have warned. In a joint report the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA), also calls for greater collaboration between government, law enforcement and industry and the best approach to cybersecurity.
As well as outlining some of the barrage of attacks to hit the UK in 2017, The Cyber Threat to UK Business outlines emerging threats, such as cryptojacking and data thefts from cloud storage. The report argues that traditional IT Security approaches will not be up to the task of defending against the new attacks, suggesting that firms that make cyber-security a priority and co-ordinate with government and law enforcement will have most success at defeating threats.
“This report sets out to explain what terms like cryptojacking and ransomware really mean for businesses and citizens, and using case studies, shows what can happen when the right protections aren’t in place,” said Ciaran Martin, NCSC’s chief executive, launching the report.
Citing real-life examples of businesses ranging from multinationals to independent firms hit by cybercrime, the report notes a surge in ransomware, data breaches, and supply-chain weaknesses, causing both financial and reputational damage to the targeted companies. It also suggests that law enforcement efforts to crack down on cybercriminals are being hampered by under-reporting, as firms take a low publicity approach, meaning that crucial evidence and intelligence never reaches the police or NCSC.
“UK business faces a cyber threat which is growing in scale and complexity. Organisations which don’t take cyber-security extremely seriously in the next year are risking serious financial and reputational consequences,” said Donald Toon, director of NCA’s Prosperity Command. “By increasing collaboration between law enforcement, government and industry we will make sure the UK is a safe place to do business and hostile zone for cybercriminals. Full and early reporting of cybercrime to Action Fraud will be essential to our efforts.”
NCSC, which is a branch of the UK’s communications intelligence agency GCHQ, published the report to coincide with the start of their flagship annual conference in Manchester, CYBERUK 2018. Opening the conference Nicola Hudson, NCSC’s director for communications continued the theme of collaboration, pointing to the conference as an example of government and industry working together.
Ms Hudson called for public authorities to work with a wider range of industries, beyond the standard IT-based approach: “We need to bring together people from a range of disciplines and backgrounds to work together on this. We are delighted to welcome people from all the professions that must come together to deliver effective security, not just those who might directly think of themselves as primarily security people,” she told the conference.
She also called for a greater diversity in the people working on cyber-security, saying that this will broaden thinking and make sure that the best talent is recruited. “As an organisation we are determined to look at diversity in its widest sense, not just talking about the lack of women, but socio-economic factors, regional and cultural differences, disability, BAME and the LBGT community. We celebrate the diversity of thinking which has made the NCSC and GCHQ world-leaders. Without true diversity we are in danger of group-think, behaviour challenges and quite frankly we will not tap into the skills we need,” she explained.
With global cybercrime already estimated to cost the world economy $600bn a year, many would rank the NCSC’s mission to protect UK infrastructure and businesses from cyberattacks among the top priorities for government. In both this report and the CYBERUK 2018 conference, their message is clear: “we can’t do it without you.”