Mark Hughes, Chief Executive of BT Security says Cyber-crime is posing a growing threat across the region
As an ever increasing number of people and organisations make ever greater use of the internet, the potential impact of cyber-theft, cyber-vandalism and even cyber-extortion is exploding. The more we rely on the fantastic resource of ‘the net’ the more potentially vulnerable we become. It is a daunting thought that there are now about 27 billion devices connected to the internet – well over three times the human population of the world – and that this figure is expected to reach 125 billion within 13 years. If you think this issue doesn’t affect you and that it is a mainly a matter for governments and large organisations, then think again.
There are growing indications that small and medium businesses, the bedrock of a regional economy such as the one in the West Midlands, are increasingly in the firing line of the criminals. And research indicates that many are unprepared to meet this threat. Research by Accenture showed that 55 per cent of British workers can’t recall receiving cyber security training, whilst one in five weren’t sure they could identify a phishing email – a common method used by cyber criminals to raid personal bank accounts.
To give a sense of the scale of the cyber-crime problem, BT’s security team detects 100,000 unique malware samples every day – more than one per second – and protects the BT network against more than 4,000 cyber-attacks daily. Half of all reported fraud in the UK is now committed through cyber-crime, according to the National Fraud Bureau, and half of all Britons have been targeted. In the past 12 months alone BT has identified and closed more than 5,000 phishing websites.
The cyber threat is also changing. In the case of phishing, for example, criminals are becoming increasingly skilled at creating what appear to be genuine e-mails for people to click on. Even chief executives are at risk with the rise of ‘Whaling’ where phishing techniques are deliberately targeted at board level to impersonate and abuse the board’s authority. Ransomware also burst into the public consciousness recently as the WannaCry and Petya attacks spread across the world. With ransomware available for as little as 50 US dollars, criminals can enter this rapidly growing market with ease. Perhaps the most worrying aspect of Wannacry was its relatively unsophisticated nature. It was a known vulnerability and a ‘patch’ to deal with it was readily available.
Such outbreaks are a stark reminder to us all to get the basics rights:
- Update your anti-virus software regularly;
- Install patches;
- Invest in regular cyber security training for staff;
- Remind staff to be wary of opening suspicious e-mails or links
It’s not just about investing in up to date technology. A truly comprehensive approach is needed. For businesses, cyber security must feature at the top of the boardroom agenda. Companies need to have robust cyber security strategy and policies, which are kept under review and continuously put to the test. For larger organisations, this can include ‘war games’ to test the response to a cyber crisis. At BT we regularly run sessions pitching so-called ‘red teams’ of ethical hackers trying to penetrate our defences against the ‘blue teams’ protecting the network.
Whether you are a businessperson in Birmingham or Coventry or a household in a remote part of Shropshire, it is vital that we are all prepared to meet this threat. Financial loss is not the only risk. The recent attack on Britain’s healthcare system resulted in cancelled operations, missed appointments and delayed diagnoses. Realistically, online crime is unlikely to be eradicated entirely, but we - Internet Service Providers, Government and other organisations - are stepping up our collective efforts to curb the cyber criminals’ success rates through initiatives such as the Government’s Cyber Security Information Sharing Partnership, which BT is supporting.
Through collaboration and consensus, I am confident we can win the battle against the rapidly-expanding cyber-crime industry.