Cyber threat against UK firms 'growing in scale and complexity', report warns

The Cyber Threat to UK Business Industry 2017 report was published on Tuesday (April 10) to mark the start of the CYBERUK 2018 summit in Manchester, where specialists from Government, industry and law enforcement will come together to discuss cybersecurity.

Some of the biggest attacks from the last year are highlighted in the report, as well as emerging threats such as theft from cloud storage and the increased use of worms to propagate ransomware attacks.

Cloud storage technology is becoming increasingly popular among the private sector and many police forces are either considering its implementation or are in the process of doing so.

However, just 40 per cent of all data stored in the cloud is access secured and many companies report that they are concerned about encryption and the security of storing information online.

The report states hackers will take advantage of the fact that many businesses put “too much faith” in the cloud providers, which could lead to high profile breaches involving UK citizen information.

Last year a number of data breaches took place, including one at credit reporting agency Equifax, where the identity of 145 million US users and almost 700,000 UK users was compromised.

And telecommunications provider Verizon’s data on 14 million customers was exposed to anyone who could guess the web address of the cloud where the information was stored.

Between October 2016 and the end of 2017, NCSC recorded 34 cyber attacks that required a cross-government response – WannaCry being the most disruptive – and a further 762 single incidents were also reported.

In May last year, cyber criminals targeted 300,000 computers spanning 150 countries running the Microsoft Windows operating system – including the NHS – with a self-replicating worm, locking users out of their devices and demanding a ransom payment in bitcoins.

Some NHS services in England were forced to turn away non-critical emergencies and ambulances were diverted. Nissan Manufacturing UK also halted production as a consequence of the WannaCry attack.

Although experts immediately advised against paying the ransom as it would encourage further campaigns, a total of 327 payments were made totalling more than £90,000.

WannaCry demonstrated the real-world harm that can result from cyber attacks, particularly when they are designed to self-replicate and spread, the report states.

Research company Gartner predicts there will be 11.2 billion appliances connected worldwide via the Internet of Things (IoT) by the end of this year.

The report raises concerns about the number of devices that are unsecured and recommends that the industry should avoid using default passwords for IoT devices and ensure software can be patched.

Ciaran Martin, chief executive of the NCSC, said: “We are fortunate to be able to draw on the cyber crime fighting expertise of our law enforcement colleagues in the NCA.

“This joint report brings together the combined expertise of the NCA and the NCSC. The key to better cyber security is understanding the problem and taking practical steps to reduce risk.

“This report sets out to explain what terms like cryptojacking and ransomware really mean for businesses and citizens and, using case studies, shows what can happen when the right protections aren’t in place”

Donald Toon, director of the NCA’s prosperity command, added: “UK business faces a cyber threat which is growing in scale and complexity. Organisations which don’t take cyber security extremely seriously in the next year are risking serious financial and reputational consequences.

“Full and early reporting of cyber crime to Action Fraud will be essential to our efforts.

“We will build on the reported disruptions and arrests we have made in the last year and by increasing collaboration between law enforcement, government and industry, we will make sure the UK is a safe place to do business and hostile zone for cyber criminals.”