Cybercrime is now surpassing all other criminal offences: according to the National Crime Agency (NCA) and Strategic Cyber Industry Group’s Cyber Crime Assessment 2016 report, cybercrime accounted for 53 per cent of all UK crimes in 2015!
For businesses, the long-term impact of cyber attacks is significant and can potentially include loss of substantial revenue, theft of valuable data and damage to other company assets. Alongside reputational damage and potential executive-level liabilities, this demonstrates the real and immediate threat to businesses posed by cyber attacks.
We fully agree with the NCA when they note that the “accelerating pace of technology and criminal cyber capability development” currently outpaces the collective response to cybercrime. These crimes are increasingly sophisticated, with dangerous cyber criminals specifically targeting businesses. The NCA also states that perfect security is “almost impossible” and all businesses remain vulnerable to “determined attacks by high-end crime groups”. Given this, the announcement of new regulations – with more expected – and the potential fines alongside, the need for businesses to navigate these rules to ensure compliance and safeguarding is increasingly important.
These crimes are already happening today and are set to become even more prevalent tomorrow. Data protection and security concerns around mobile devices are two serious immediate cybercrime-risky areas which businesses both large and small must consider. Robots, Internet of Things, drones, Artificial Intelligence will be the next major challenges and are just around the corner.
These innovations, far from being the stuff of science fiction, will be at the forefront of a new frontier for the hackers of the future.
Privacy regulation and compliance
From May 2018, thanks to the EU General Data Protection Regulation (GDPR), there will be a requirement for corporations to notify most data breaches to their national data protection authority. In the UK, this is the Information Commissioner’s Office (ICO), and it won’t come as any surprise that will still apply even after Britain leaves the EU.
Data breaches are increasingly widespread and businesses may be subject to blackmail through which control of data is only returned on payment of huge ransoms. This risk is especially apparent for large corporations dealing with millions of customers and their data, as is already a reality in the United States. This trend is now on the rise throughout Europe.
The risk of mobile
It is also a common theme when speaking to our clients and security providers that mobile devices are simply not as safe or controlled as a desktop environment. This presents a new opportunity for hackers.
There are “apps” that can take control of a mobile in seconds, when users are not even aware that it is happening. An example of this was evident with the launch of ‘Pokémon Go’. As the game had not yet become available in the UK, consumers visited app stores, including unauthorised “grey app” stores, to access the game.
As a result, different versions of the game were downloaded on some phone models, which opened users up to a world of risks as hackers could very easily take control of their phone, access personal data stored on the phone, listen in to conversations and even see what they are doing by activating the cameras. It is a scary new world and businesses must prepare themselves.
Internet of Things and Robots
The infiltration of robots will become more and more evident in the coming years. Machines, increasingly autonomous, will be connected to the internet at home, at work and everywhere else in between.
On top of this, the risk of hacking connected devices operating within the Internet of Things presents further risk – Gartner predicts that there will be 21 billion Internet of Things devices by 2020 and systems can also be exposed in this way. While there are many benefits of such evolving technologies, businesses cannot hide from the fact they will be the new frontier for hackers.
Government, law enforcement and other bodies have increased efforts to tackle cybercrime, with businesses also making valuable contributions. However, there is much more that needs to be done to reduce vulnerabilities. This must include better reporting – the Office of National Statistics (ONS) established the shortfall in reporting last year. The ONS estimated that there were 2.46 million cyber incidents and 2.11 million victims of cybercrime in the UK in 2015, whereas Action Fraud, the UK’s national fraud and cybercrime reporting centre, only received 16,349 cyber-dependent and approximately 700,000 cyber-enabled incident reports in the same period.
For this reason, understanding of cybersecurity crime needs to be more widespread within the business community. This issue must be recognised and treated as a challenge for a business’s board, the entire organisation and for business strategy, rather than being seen as a purely technical issue.
Certainly, businesses need to go beyond compliance to ensure that cybersecurity standards are upheld. Putting in the preventative measures and reporting processes will reduce risks now and in the future. As such, all employees must take responsibility and adopt a culture of healthy conscientiousness around potential attacks.
Author – Bertrand Liard