Cyber Threat on UK industry, including utilities, the police and Small & Medium Business
We all know the potential effects of a cyber-attack breaching your organisation’s defences can be devastating – not only resulting in the loss of sensitive data, but also reputational damage and consumer trust.
With so much at stake we cannot afford to be complacent about cyber threats, but you might be surprised to discover just how vulnerable certain industries really are.
In this past year, more than half of British firms have reported having suffered from cyber-attacks and according to ONS a person is more likely to fall victim to fraud or cyber-crime than any other offence.
With this warning in mind – we’ve taken a more in-depth look at how the cyber threat is impacting several key UK industries... and how they’re responding.
With the dramatic surge in cyber-crimes in recent years, police forces have been under increasing pressure. They face demands to adapt to the ever-changing cyber landscape as well as respond to the vast number of cyber incidents reported to the police every year.
And the sheer number of reported cyber-crimes is staggering – with several million cases of fraud and computer misuse reported to the police every year.
The Police have to respond effectively to all levels of incidents from online scams, ransomware like WannaCry and high-stake organised crime. Personal data leaks are becoming more prevalent and the trends are shifting to target businesses and services instead of individuals. In 2017, a global scale ransomware attack affected over 150 countries, including the UK where the NHS was subject to a WannaCry attack which cost £72m to restore systems and data.
Due to the high volume and diversity of cyber concerns, every police force now has a cybercrime unit. However, given the extent and complexity of the issues, there has been a huge push for officers to receive more extensive cyber-security training and develop in-depth knowledge about the cyber world.
So far, courses have been rolled out giving officers the essentials about cyber-security, how to combat and increase awareness about cyber-crimes. These are hugely positive steps, but there are also calls for the force to attain a higher level of understanding of the more advanced areas of cyber-security such as data forensics and analysis. And with competition for cyber-security specialists from big tech groups like Google and IBM – it’s even trickier for the Police Force to secure cyber-security talent.
Providing clean water to homes and businesses, treating wastewater, distributing electricity and gas around the national network - the utilities industry is vital to keeping the country running. So an attack could be hugely disruptive not only for companies but also for the public themselves.
Recent research by the Ponemon Institute found that 90% of key infrastructure services in six countries, including the UK, had been damaged by at least one cyber-attack. With around half of the attacks resulting in interruption of critical systems either due to the attack itself or in order to repair the damage.
What’s really concerning is not just the number of attacks themselves but the number of successful attacks – even just one could be devastating to national infrastructure.
Prof Alan Woodward, of the University of Surrey’s Cyber Security Centre, points to the “lack of skilled staff or appropriate incident response plans to mitigate the attacks” as a worrying theme behind the data.
With the report also showing that the risk of cyber-attacks on the utilities industry may be increasing by 56% per year- many questions remain, whether the utilities industry is managing to keep up with the cyber threat. And it’s not just the number of attacks which is alarming, they are becoming more sophisticated - with 64% of attacks on the utilities industry presenting a “top challenge” to manage.
It’s not just big corporations and national services which are targets for cyber-attacks, small businesses are key targets for repeated cyber threats.
Nearly 50% of small firms and two-thirds of medium-sized companies suffered an attack so far in 2019 (according to the Hiscox Cyber Readiness Report). For SMEs the damage is especially felt financially – the total cost on average to medium sized companies increasing from £35,000 to £145,000 in 2019.
While big companies are preparing to deal with sophisticated attacks, SMEs are finding it diifficult - with many small firms falling victim to phishing attempts. Even though reports indicate that SME staff are aware of common cyber-threats to their industry, such as malware, false payment requests and ransomware, many are not ready to guard against or deal with attacks in reality.
One of the crucial issues for SMEs is perception.
Despite 6 out of 10 SMEs suffering cyber-attacks, 66% of small and medium business leaders do not believe they will fall victim to an attack (YouGov).
Given such a divide between perception and reality – it’s no wonder that many SMEs are unprepared for cyber-threats. 60% of SMEs do not have a prevention plan in case of cyber-attack and many view spending on cyber-security as less of a priority.
The Shortage of Cyber-Security Professionals
In the last 18 months there was a 1000% increase in the number of cyber-attacks on businesses and over £4.6m was lost to hacking.
As a result of this rise in cyber threats, there is a growing demand for cyber-security professionals. However, the huge shortage in cyber-skills means that there are not enough cyber-security professionals to meet the overwhelming need.
Andy Johnston, Head of the Defence Programme at techUK, even suggested that for cyber-security skills in the UK “employer demand is outmatching candidate interest by more than three times”. Cyber-security is demanding and technical, with professionals constantly having to adjust to changes in technology and tactics in cyber threats. So finding the right people with the right skills can be a challenge.
How can we solve the shortage in Cyber Skills?
Investing your levy in cyber security apprentices offers a long term solution for cyber issues. It is a practical and cost-effective way to ensure that you have the right talent at the right time to defend your organisation against cyber-attacks.
As a leading tech and apprenticeship training provider, escalla is helping UK industries recruit and train the next the generation of cyber-security apprentices.