Hackers not holding back as cyber crime wave floods UK businesses

The rapid rise of cybercrime shows no sign of slowing, according to a new report published today by PwC which found that over 50 per cent of British companies expect to be the victim of an online crime over over the next two years.

This will make cyber crime the the UK's fastest growing economic crime - up 20 per cent since 2014 - with economic crime against businesses having risen to 55 per cent, higher than both the US and China at 38 per cent and 28 per cent respectively.

"Hackers are now more ambitious than ever," said Mark Anderson, global corporate intelligence leader at PwC. "Their aim goes beyond targeting financial information to include a company's 'crown jewels' - customer data and intellectual property information, the loss of which can bring down an entire business."

Of the 1,000 organisations that participated in PwC's economic crime survey, 33 per cent said they were not prepared to deal with a cyber attack and only 12 per cent felt confident in the abilities of the police and other authorities to deal with cybercrime.

“While the prevalence of traditional fraud – such as asset misappropriation – has fallen since 2014, there has been a huge rise in organisations reporting cyber crime, with technology driving almost every other area of economic crime,” said Andrew Gordon, PwC’s global and UK forensics leader.

“Businesses need to minimise the opportunities for economic crime through rigorous fraud risk assessment, supported by a culture based on shared corporate values, robust policies and compliance programmes,” he said.

Industry reaction

Rob Lay, Customer Solutions Architect in UK & Ireland at Fujitsu:

“The PwC study highlights just how crucially important it is for businesses to remember that a cyber-attack is not always a faceless hacker trolling the internet to find an open-door to a business’s data - but that the malicious attacks often come from within. To reduce the impact of malicious insider attacks, businesses can implement access-based controls to regulate what data can be seen by whom. This way, they can monitor who is trying to access data that isn’t relevant to them, highlighting their potentially malicious intentions.

"Organisations should also look to encrypt their data where possible and perform regular vulnerability scans of their internal network to understand what vulnerabilities exist and could therefore be exploited by a malicious insider."

Yaroslav Rosomakho, Channel Solutions Manager for Advanced Threats at Arbor Networks:

“The news from PwC that one in four UK companies have been attacked by cyber criminals is no surprise. In fact, we believe this figure is far too low. Threats are evolving at an alarming rate with the average attack 60 times more powerful than a decade ago. We are more connected and reliant on technology than ever before, and as a result, the number of routes for an attack is increasing exponentially. In this new landscape, it’s clear that companies must do more as attackers continue to evolve.”

“Organisations need to be vigilant and ensure they have the right security in place to deal with hackers. What’s becoming essential, especially for larger organisations and high-value targets, is having the ability to detect and contain threats quickly – even when they make it past the perimeter defences.

This isn’t all about technology – although having the right tools helps – people and process are key in this.”

Dave Palmer, Director of Technology at Darktrace:

"The PwC report comes as no surprise. Cyber security should be a board-level issue as it has the ability to completely make or break a company. Technology exists today that can help mitigate the risks from cyber attacks, and the mandate to use it should come from the top.

"We hear about serious breaches almost on a daily basis, targets ranging from children’s toys to critical infrastructure. Businesses need to have the right systems and software in place to detect these threats and minimise the risk where possible. As PwC says, it’s as important to recognise the insider threat and look at how a company can deal with this, as well as an outside attack.

"Cybersecurity needs to remain at the top of the CEO’s agenda, as with more businesses turning to the cloud for information storage, and with new IoT solutions gaining traction, it’s an issue that isn’t going away."

Image Credit: Shutterstock / CobraCZ