NCSC and NCA reveal cyber threat to UK businesses

NCSC and NCA reveal cyber threat to UK businesses [Image: matejmo via iStock]

UK businesses are at risk. This has been clear for many years, but the threat to organisations is increasing on a daily basis, with cyber criminals gaining new skills and leveraging new technologies to harm and disrupt firms.

In a new report published to mark the UK’s biggest cyber security conference – CYBERUK 2018, held in Manchester from April 10th to 12th – the National Cyber Security Centre (NCSC), which is part of the Government Communications Headquarters, and the National Crime Agency (NCA) revealed that cyber criminals are launching “more online attacks on UK businesses than ever before”.

The Cyber Threat to UK Business Industry 2017-2018 report details some of the biggest cyber attacks from the last year and notes that risks to UK businesses continue to grow. Emerging threats are also highlighted, such as theft from cloud storage and cryptojacking, in which computers are hijacked to create crypto currencies such as bitcoin.

Between October 2016 and the end of 2017, the NCSC said it recorded 34 significant cyber attacks (those attacks that typically require a cross-government response). Some 762 less serious incidents (those usually limited to single organisations) were also recorded.

The NCSC and NCA have predicted that 2018 will bring more of these attacks. The organisations highlighted that the Internet of Things and its associated threats will keep growing, while the race between hackers’ and defenders’ capabilities will increase in pace and intensity.

2017 a major year for ransomware and data breaches

According to the report, 2017 will be remembered “as the year of ransomware attacks and massive data breaches”. The WannaCry and NotPetya ransomware attacks made headlines around the world, with the former affecting the UK’s NHS, while companies like Yahoo, Equifax and Uber all admitted to having suffered massive data hacks.

The report’s authors revealed that cyber attacks have resulted in financial losses to businesses of all sizes. The costs arise from the actual attack, as well as the resulting remediation and repairing reputational damage by regaining public trust.

In addition, attacks have also caused significant falls in company share prices and the sacking of senior and technical staff who have been held to account for massive data breaches. The enforcement of the General Data Protection Regulation (GDPR) in May 2018 could, under certain circumstances, lead to severe fines for organisations that fail to prevent data breaches.

Enhanced cyber security vital

The report acknowledges that businesses can no longer rely on “a basic cyber security posture”, explaining that most attacks will be defeated by organisations that prioritise cyber security and work closely with the government and law enforcement.

Donald Toon, director of the NCA’s Prosperity Command, said: “UK business faces a cyber threat which is growing in scale and complexity. Organisations which don’t take cyber security extremely seriously in the next year are risking serious financial and reputational consequences.

“By increasing collaboration between law enforcement, government and industry, we will make sure the UK is a safe place to do business and [a] hostile zone for cyber criminals. Full and early reporting of cyber crime to Action Fraud will be essential to our efforts.”

Among the NCSC’s recommendations were a number of ways of mitigating both ransomware attacks and data breaches. The former can be managed by deploying critical security patches as soon as possible and deploying an always-on antivirus solution that scans new files, according to the security body.

In addition, the NCSC advised businesses to conduct regular vulnerability scans, action critical results and implement application whitelisting technologies to prevent malware running on hosts. Companies should also implement a policy of least privilege for all devices and services and establish configuration control and management.

Meanwhile, in order to mitigate against data breaches, the NCSC recommended that businesses protect endpoints by using up-to-date and supported operating systems and software, and by implementing application whitelisting technologies to prevent malware running on hosts.

Organisations should also protect their networks by using firewalls and network segregation to protect services, deploying an always-on antivirus solution that scans new files, and performing regular vulnerability assessments against both internal and external services to scan for any insecure configuration.

Furthermore, the NCSC recommended that businesses implement a policy of ‘least privilege’ for all devices and services, as well as use multi-factor authentication to protect sensitive information. They should also ensure that all services are protected by strict authentication and authorisation controls and password managers to help prevent password reuse between systems.