Thrive UK
Digital Divide: UK’s Cyber Security Stronger, but Are Businesses Still Fragile?
Should we relax? It’s official: Britain has made significant recent progress regarding its resilience against cyber-attacks. In the July King’s Speech, a new bill was outlined to further protect the critical infrastructure and digital services that Brits rely on daily.
This is a significant step in addressing the rapidly growing number of relentless attacks that devastate our health services, government departments, educational and democratic institutions, and even smaller local authorities. Yet, the urgency of the situation is clear, as we have increasing evidence of the fragility of the UK’s cyber infrastructure – and the aggressive threats the country is facing.
What will this bill do?
The crucial updates made to the existing framework will expand its remit, protecting more UK digital services and supply chains. Regulators will also reportedly be put on a ‘strong footing’ to guarantee the implementation of safety measures, including cost recovery mechanisms and additional powers that facilitate vulnerability investigation.
This legislation is a beacon of hope, as it mandates increased incident reporting to give government teams more accurate data on cyber threats. This includes where a business has been a ransom victim, improving their understanding of current threats and highlighting potential further ones by widening the net regarding the nature of incidents that entities are to report.
This bill will extend UK-wide and is fully endorsed by the NCSC. Its CEO, Felicity Oswald, warned that the UK’s essential service providers cannot afford to ignore these threats.
Why the new legislation?
Two government reviews found that the original frameworks had a positive impact, but progress needed to be made faster to keep up with the rapidly evolving threats to the nation. Over 50% of essential service operators have updated their processes and policies since the creation of the cyber regulations in 2018, hardly enough to match the required pace.
In June, cybercriminals struck the NHS, postponing critical appointments and procedures at some of London’s most significant hospitals, such as Guy’s, St Thomas’, and King’s College. Last year, we saw Sefton, a village in Merseyside, fight off 30,000 cyber-attacks on its council infrastructure per month, with the BBC reporting last month that councils remain at the mercy of criminal hackers. These attacks are not just statistics, they are real and they are affecting businesses and services that we rely on.
This reform is well-needed, with countless examples of attacks like these affecting millions of Brits. However, despite these recent changes, businesses remain fragile throughout the country.
New vulnerabilities
In 2023, the UK led the list of global data breaches. The country was shaken by the largest cyberattack in 2023, as cyber protection firm DarkBeam failed to protect 3.8 billion records. The leak was uncovered by the CEO of SecurityDiscovery, Bob Diachenko, who informed the company of its leak. They promptly addressed and fixed the leak. According to Diachenko, this type of data leak is usually caused by human error, such as forgetting to encrypt data following maintenance.
We also have witnessed a spike in attacks on a new sector: the construction industry. A new report by risk advisory firm Kroll has indicated that cyber-attacks on construction companies doubled in the first quarter of 2024 compared to last year. Kroll advised this increase was most probably down to the ‘sophistication of business email compromise for either financial gain or as a pivot into downstream attacks.’
The company confirmed that the construction sector had seen steady growth in email compromise from 2023 to 2024. According to Construction News5, on-the-go work culture is the culprit behind doubling the frequency of these attacks. Kroll warned: ‘An employee may be more likely to fall for a phishing lure if they are receiving the email on the road, making them potentially less vigilant about the signs of fraud.’
SMS and voice-based tactics have been reported, which raises concern surrounding the potential use of deep fakes and other AIs to further streamline phishing attacks. An insider threat case examined by Kroll earlier this year saw an employee impersonated, a method AI could efficiently utilise.
Arup, a British multinational firm headquartered in London providing services across the building sector, confirmed in May of this year that it was the victim of a £20 million deep fake fraud attack after an employee was manipulated into sending over the sum via an AI- generated video call. The attackers posed as ‘senior officers of the company’ to dupe their way to the money. Arup’s global CIO, Rob Greig, stated that the company had been the victim of a barrage of attacks, increasing both in potency and frequency, in the months leading up to the large-scale attack.
Greig’s quote to Building.co.uk illustrates the ordeal: ‘This is an industry, business, and social issue, and I hope our experience can help raise awareness of the increasing sophistication and evolving techniques of bad actors.’
Police in Hong Kong, where the attack occurred, have made no arrests thus far, and the cyber-criminals are still at large.
As a chilling final example, officials have confirmed that the British critical national infrastructure (CNI) ‘could be left dangerously exposed’ if managers do not appropriately address the increasing cyber-attack threat caused by tension between Britain, China, Russia and Iran.
How fragile is the UK’s critical national infrastructure?
The BBC reported a ‘hack’ in May of this year, resulting in a ‘significant data breach’ of payroll data from the MoD. The then Defence Secretary, Grant Shapps, warned that state involvement could not be ruled out. In the days and hours following, at least two additional cyber-attacks hit the Scottish NHS and the UK Border Force.
NHS Dumfries and Galloway revealed that children’s mental health data had been published, and Border Force e-passport gates ceased to work at Britain’s major airports. Considering simmering tensions with other states and escalating wars in Ukraine and Palestine, infrastructure providers are left concerned about potential future attacks.
The lines between political interference and targeted cyber attacks are starting to blur. Considering this, coupled with more and more sectors finding themselves the new victim in the crosshairs of increasingly sophisticated and ruthless attacks, do not let your company be next.
If you are targeted by a bad actor, do you have a well-rehearsed incident response plan in place? Contact Thrive to learn how we can help fortify your digital approach and keep you and your team safe from an ever-evolving threat landscape. We specialise in helping medium sized businesses fortify their critical cyber infrastructure.