The UK National Crime Agency have released their annual cyber crime assessment, and straight off the bat they’ve been clear about the implications with the title, “Need for a stronger law enforcement and business partnership to fight cyber crime”.
The report, available here, describes the standard impact of an attack, loss of revenue, valuable data or other company assets, and immediate loss of shareholder value. It also describes the likely source of attacks, describing the serious organised crime groups, as well as smaller-scale, mostly domestic, criminals and hacktivists. Despite acknowledging that the major risks are posed by the more advanced international crime groups, the report accepts that the majority of losses are due to cyber criminals with relatively low technical capability. This admission is better news, suggesting that limited work on network systems could help to protect them from the majority of these low technically capable attacks.
The report goes on to say that the majority of businesses are affected by data breaches, whilst the banking and retail sectors are suffering due to cyber-fraud attacks on customers, rather than businesses. The use of new technology to protect attacker’s identity and location, as well as improving criminal operating methods means that many corporate cyber security tools are insufficient to protect corporate networks. This is a point we fully agree with in our description of the Cyber Security Gap.
So although none of the information is particularly surprising, the advice is that businesses in the UK need to do more to protect themselves and fully understand what systems need to be in place to protect their critical systems. This means businesses need to be more open to changes to the standard Firewall/Anti-Virus status-quo, perhaps bringing in knowledgeable consultants to aid with setting up new network security systems.