James Kelly, Chief Executive of the British Security Industry Association (BSIA), takes a look at the statistics on cyber crime and how it is affecting society
In a modern day era where technology is constantly at our fingertips and entwined with our everyday lives, it is no surprise that criminals are targeting cyberspace in order to commit their crimes. These criminals are not discriminatory when choosing their victims and have been targeting a wide range of sectors including businesses, healthcare, education, and individuals too.
The importance of cyber security is becoming more widely recognised within society, particularly with the release of some recent worrying statistics. This year was actually the first time that questions around fraud and cyber offences were asked in the Crime Survey for England and Wales, published in July. Estimates from the survey indicated that in the 12 months prior to interview, there had been 3.9 million fraud offences and 2 million computer misuse offences, emphasising the impact that cyber crime is having on our everyday lives. Following on from that, figures released by fraud prevention service Cifas also revealed that identity theft has dramatically risen, with more than 148,000 victims in the United Kingdom in 2015 – a 57% increase since 2014. As such, it is absolutely essential that we are becoming more cyber savvy on both a personal and professional level in order to mitigate these threats.
Cyber threats can infiltrate our networks in multiple different forms; one common threat in particular is that of phishing, where harmful links or attachments are distributed via email in an attempt to get the recipient to enter personal information, such as passwords or card and bank details. Clicking on such links can also result in harmful malware being downloaded onto the recipients system, consequently allowing criminals to steal information from the computer or spy on the user for long periods of time.
Cyber security breaches
The ‘Cyber Security Breaches Survey’, published in May by the Department of Media, Culture and Sports, also highlighted that the most common cyber security breach or attack was from a virus, spyware or malware, with 68% of respondents falling victim to it. Impersonation of another organisation was also a main threat, highlighted by 32% of respondents. Such impersonations could include a text or email from a bank requesting the victim to log onto their account via a harmful link that will result in the criminals having access to financial accounts. Therefore, it is absolutely essential for people to be vigilant when clicking links in emails or messages, no matter how familiar the sender may seem.
Defending against these criminals does not necessarily require complex strategies; simple steps such as regularly updating software and malware protection, ensuring that all firewalls are robust and up to date, and restricting access to specific users can all go a long way in keeping cyber threats at bay. It can be especially useful to configure specialised firewall rules in order to restrict access to the networks, with such firewalls being inaccessible from the internet in order to be less vulnerable to attack. Social media can also be a breeding ground for identity thieves and they do not necessarily have to hack accounts to get the information they need. Often, victims make their own information readily available by publishing personal details on their social media accounts. Phone numbers, addresses and even birthdays should not be mentioned on profiles, with privacy settings being as strict as possible.
One industry in particular that has been suffering at the hands of cybercrime is the business sector. Out of 1008 businesses surveyed in the Cyber Security Breaches Survey, 65% of large firms had detected a cyber security breach or attack in the last year, with 25% of them encountering a breach at least once per month. These breaches can be detrimental to a business, resulting in financial losses and reputational damage. In fact, the average cost of a breach within a large business was found to be £36,500, with the most costly breach being £3m.
Another very interesting statistic was the fact that while seven in ten businesses did say that cyber security was a high priority for senior management in their organisation, only 51% had actually taken steps to protect themselves against threats. It is very important for organisations of any kind to be aware of the cyber threats they face and have in place a general cyber policy to which all individuals adhere. Such policies should consider a wide range of staff practices, taking into account remote working, personal devices within the workplace, the use of removable media, and private use of company computers. It can be especially useful to have staff training sessions focused on cyber security to ensure that everyone is vigilant in the workplace.
It can also be wise to enlist the help of a security consultant to help identify any potential weaknesses within a network and develop contingency plans in the event of a breach. A reputable security consultant with a wealth of experience and proven track record in cyber security can carry out penetration testing in order to ensure that the protection already in place is adequate enough to challenge ever-advancing cyber threats. The testing can also identify any weaknesses in the network and address them where necessary. Following that, they can then work closely with the business in order to develop a complete risk register with a comprehensive security strategy and effective cyber policy in order to ensure the business is fully prepared for any potential threats.
If an organisation does choose to enlist the help of a security company to help fight cyber crime, it is essential that quality takes precedence and that products and services are sourced from a reputable company. Members of the BSIA’s Specialist Services Section have a wealth of knowledge and experience in cyber security and can provide a reliable, professional service.
British Security Industry Association (BSIA)