Cyber security: How focused are North West firms on protecting digital property?
With UK businesses more dependent on web-based platforms than ever before, the escalating threat from online fraudsters is one that cannot be ignored. Move Commercial questions how focused North West firms are on their cyber security.
Words by Lawrence Saunders
Friday 12 May 2017: a ransomware worm, reportedly originating from North Korea, is released worldwide.
WannaCry affected more than 200,000 computers across 150 countries – encrypting files, making them impossible for users to access, and then demanding payment in order to decrypt them.
Estimated total damages sustained range from hundreds of millions to billions of dollars.
Here in the UK it cost the NHS approximately £180,000, saw thousands of appointments and operations cancelled, and forced some patients to travel further for emergency care.
The attack underlined how dependent the health service is on information technology and writ large the need for security enhancements to be pushed through.
A National Audit Office (NAO) report said trusts were left exposed because cyber security recommendations were not followed, with the comptroller and auditor-general of the NAO pronouncing that the attack could have been prevented if the NHS had followed “basic IT security best practice”.
Although the NHS maintains no ransom money was ever handed over, UK public services and businesses alike should have been left under no illusions regarding the serious danger posed by cyber criminals.
“Key reports have shown that companies across the UK are unprepared for cyber attacks”
Fast forward to April 2018 and ahead of the county’s biggest cyber security conference in Manchester it was reported that more online attacks were being launched on UK businesses than ever before.
‘The Cyber Threat to UK Business’, jointly authored by the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA), highlights risks to companies which include ransomware attacks, theft from cloud storage and business email compromise fraud.
The report summary claims that most attacks can be defeated by organisations which “prioritise cyber security”.
Despite the warnings and get-togethers, are UK businesses – and specifically those here in the North West – doing all they can to protect themselves?
“Key reports have shown that companies across the UK are unprepared for cyber attacks,” says Dr Mohammad Hammoudeh, senior lecturer in computer networks and security at Manchester Metropolitan University.
“The North West is no exception. As an international digital hotspot and home to a top 20 European digital city, Manchester, it’s an attractive target for cyber criminals.
“While some larger organisations have developed a good understanding of the importance for cyber defences, smaller businesses are struggling to keep up with cybercrime due to cyber-unawareness and/or lack of resources.
“At the same time, the volume of data combined with the complexity of the used computer systems presents a technical and financial challenge for companies to secure.”
Whatever the challenges for smaller businesses, the threat is a very real one.
According to the Department for Digital, Culture, Media and Sport’s ‘Cyber Security Breaches Survey 2017’, SMEs have around a one in two chance of falling victim to a cyber security breach, with the cost of such an attack estimated at approximately £1,400.
In an attempt to help smaller businesses protect themselves from the most common types of cyber crime, the NCSC produced its ‘Cyber Security: Small Business Guide’ last November.
“Smaller businesses are struggling to keep up with cybercrime”.
The guide features advice which is designed to be easily understood and implemented by firms for minimal costs.
Despite this, Dr Hammoudeh believes a lot more needs to be done to increase awareness and cyber security levels across the small business community.
“Clearly, as more business activities and private information migrate into the digital globally interconnected technology platforms, such as cloud, cyber attacks become more prevalent,” he says.
“I believe that companies must be obliged by law to invest in preventive security measures through an agreed percentage of their profits.
“The government should also support companies in this mission by offering the technical skills and tax incentives to train staff and strengthen protection online.”