UK Cyber Security Outlook 2017
“No single organisation can defend against the threat on its own and it is vital that we work together to understand the challenges we face,” said Ciaran Martin, CEO of the National Cyber Security Centre (NCSC).
The cyber threat to UK businesses is ‘significant and growing’. Hackers have more opportunities than ever, thanks to the increase in connected devices. The greater the volume of connected devices, the greater the level of risk. The number and boldness of attacks are at an all-time high. Around half of all firms experienced a cyber security breach in the last 12 months. Fraud and computer misuse offences have substantially increased the volume of crime in the UK, despite a steady downward crime trend since 1995.
Large firms are far more likely to identify breaches than small and micro firms. This directly correlates with cyber security spending: those spending the most are more likely to identify a breach than any other segment.
The average cost of resolving a breach stands at £1,570, with micro, medium and large firms averaging £1,380, £3,070 and £19,600 respectively. These costs include direct costs, costs of recovery and long-term costs.
Insufficient Patching Leaving Organisations Wide Open
According to the NCSC the most commonly exploited vulnerabilities in 2016 were well known. ‘Bad security practices’ and unpatched legacy systems leave organisations wide open to hackers. The high-profile Petya and WannaCry ransomware attacks exploited operating system and application vulnerabilities, quickly affecting the NHS and even the radiation monitoring systems at Chernobyl.
Cyber security remains a high priority for the majority of senior management: 74% state cyber security is either a very high or fairly high priority item. Information/communications/utility firms lead the pack for cyber security spend, followed by finance/insurance and then transport/storage. Construction, education/health/social care and lastly hospitality/food invest the least; however, spending is directly correlated to turnover and reliance on technology. The most common reasons for investing are to protect customer data and trade secrets/intellectual property/other assets.
What’s at Stake?
The impact of a cyber security breach runs deep. Reputation, operating capability and finances are the factors most often impacted during and after a breach. Organisations struggle to quantify the costs of damage to reputation and finance as most do not have measures in place for cyber security cost management. Despite the difficulty in quantifying costs, cyber security is estimated to have cost the UK almost £30bn in 2016.
Operating capability tops the list of common cyber security impacts, with system downtime and loss of files/access/corruption the most commonly quoted impact.
Build from Ground-Level
Organisations are encouraged to address the basics in the fight against cyber crime. Inadequate resources and a failure to recognise the relevance of cyber security are commonly quoted reasons for insufficient investment; however, basic measures such as adequate patch management, secure device configuration, user training and strong passwords can help prevent the most common attacks. Read our guide to choosing a smarter password.
Bolster Access Controls
Unnecessary access rights and system privileges may increase the impact of data breaches. User rights should be allocated on a “need to access” basis, granting privileges as necessary for the completion of each user's job role. The ability of an attack to impact the wider network is severely restricted if the originator is kept to basic rights.
Patching to Success
Smarter patch management can bolster an organisation's ability to overcome cyber security threats. Defence against the most common attackers is achievable through basic investment in cyber resilience. These measures will prevent all but the most determined attackers.
People Powered Security
People may be the strongest link to cyber security resilience. Design, usability and user awareness are key to preventing compromise. Encourage a culture of cyber security by maintaining an open dialogue with users and encouraging them to behave responsibly.
Small businesses are at potentially increased risk due to pressure on resources available to balance cyber security defence versus accessibility and profitability. In these situations, emphasising security among people may be the best form of defence.
Risk management key to effective cyber security safeguards.
Start with the fundamentals by understanding the impact of a breach and implementing basic measures to protect your organisation. Once the basics are covered, build on your cyber security capabilities by broadening the depth and scope of your defences. Start small but focus on an end goal of incorporating cyber security at every organisational level.
Promote ‘Secure Agility’ by Extending Defences to Mobile Devices
Remote and mobile working offer enormous benefit to users and the organisation but complicate cyber security beyond the network. Adequately defined technical safeguards and user awareness are key to preventing misplaced or stolen devices and disrupting cyber security exploits. Define a mobile device and remote working policy and create a schedule for spot-checking compliance.
Be Loud About Security
Communication is key to clearly defined cyber security responsibilities. Being loud about security can help ensure user awareness and engagement with existing cyber security programmes.
Reporting is also vital in the fight against cyber crime and allows law enforcement to respond proactively. Future attacks can be prevented sooner if the powers that be have a thorough understanding of recent attacks. It is highly recommended that all cyber attacks are reported to a relevant authority such as Action Fraud.
For more information, contact iQuda today on 01442 251 514 and a member of our team will be more than happy to advise you further.