Guarding UK Enterprises: Defending Against Escalating Cyber Threats in 2024

As cyber attacks continue to surge across the UK for the third consecutive year, businesses face the daunting task of safeguarding their digital assets amidst a complex landscape. A recent study conducted by Tenable and Forrester Consulting sheds light on the severity of the situation, revealing that a staggering 48% of cyber attacks target UK organisations.

This alarming trend, coupled with recent reports from the BBC detailing cyber attacks on police forces, councils, and businesses, underscores the urgent need for a robust cyber security strategy. In this blog, we delve into the escalating cyber threats facing UK businesses and offer practical solutions tailored to your organisation’s needs.

Escalating Cyber Threats

This revelation from Tenable paints a grim enough picture. Still, when coupled with further statistics from the State of Trust 2023 Report (surveying the behaviours and attitudes of 2,500 business leaders, including 500 in the UK), we see that the average approach from UK businesses does not nearly correspond to the level of risk presented.

The report found that, on average, only nine per cent of UK companies’ IT budget is allocated to security. This reveals a stark misalignment between escalating cyber threats and the security of UK businesses and leaves them exposed to risk.

Furthermore, the State of Trust 2023 Report published by Vanta indicates that less than half (42%) of UK organisations rate their risk visibility as vital. This prevents businesses from effectively gauging and comprehending the extent of the risks faced. As threats rapidly evolve in prevalence and sophistication, a lack of comprehensive risk visibility can leave you and your employees wide open to data breaches.

Widespread Targets

Recent cyber attacks targeting large corporations and smaller businesses underscore the indiscriminate nature of these threats. For instance, in early January 2023, the Royal Mail fell victim to a ransomware attack, causing significant disruption to its operations at a distribution centre near Belfast, Northern Ireland, where the printers began frantically spitting out the ransomware gang’s demands. Much like the December 2022 attack on The Guardian, this caused widespread disruption to the sizable company.

Similarly, smaller local councils like the Western Isles local authority Comhairle nan Eilean Siar and Redcar and Cleveland Borough Council have also been targeted, compromising sensitive data and disrupting essential services.

Notably, proactive measures were undertaken by organisations like Oldham Council, investing £682,000 in computer upgrades after it revealed the company was actively warding off 10,000 cyber attacks per day. Such investments enhance disaster recovery capabilities and provide comprehensive protection against ransomware attacks, safeguarding critical data and mitigating potential financial losses.

IT Security Budgets Too Low?

Today, many British businesses openly share that they believe their systems are subpar. With only nine per cent of the average UK company’s IT budget dedicated to security, most are aware of the risk they take on. However, in attacks like these, financial loss is not only incurred through client trust erosion and business disruptions. The fines from regulators for not keeping businesses resistant to customer data breaches can be staggering.

The need for more allocation of IT security budgets presents a formidable challenge for UK businesses. With a mere nine per cent of the average company’s IT budget dedicated to security measures, numerous organisations acknowledge the inherent risks they face. However, the consequences of a cyber attack extend far beyond mere financial losses, as exemplified by the Equifax case. The Financial Conduct Authority fined this large credit reporting agency over £11 million for failing to protect the personal data of nearly 14 million British clients in one of the most significant cyber security breaches ever recorded. Among the data leaked in the 2017 breach were names, dates of birth, phone numbers, addresses, and credit card details of unsuspecting British consumers.

Equifax’s troubles did not end there. Following the leaking of personal data of almost 150 million US customers, the company faced a record settlement of $800 million with American authorities. Patricio Remon, Equifax’s European head, highlighted the immense investment made in security and technology transformation since the cyber attack against the company six years ago, amounting to over $1.5 billion.

Despite these efforts, the company received a £500,000 fine from the UK’s Information Commissioner’s Office in 2018 for the same attack, the maximum fine allowed at the time. While these actions illustrate efforts in Britain to mitigate the impact of ransomware attacks, challenges persist beyond its borders.

Prosecutors in Belarus, Russia, and several other former Soviet Union states show little inclination to pursue such lucrative cyber crimes, according to assessments from the National Cyber Security Centre and the National Crime Agency (NCA). Additionally, ransomware operators have been identified in West Africa, India, and Southeast Asia.

James Babbage, a director of general threats at the NCA, noted that traditional criminal justice outcomes are challenging to achieve against actors based in uncooperative jurisdictions. Consequently, the US, UK, and other allies have relied on technological methods to dismantle some of the most prolific cyber criminal networks, such as the Qakbot network and its counterparts.

What’s particularly alarming in this report is the simplicity with which these attacks can be thwarted. Many businesses need to implement basic security measures such as multi-factor authentication, a widely accepted industry standard that is easily implemented. Others overlook the importance of using strong passwords or updating every machine on their network regularly.

A Worrying Reality

These statistics underscore a worrying reality: many UK businesses operate with inadequate cyber security measures that fail to align with the escalating digital threats. As cyber criminals evolve tactics, companies must reallocate resources and adopt robust cyber security strategies to mitigate risks effectively.

In light of these challenges, businesses must proactively enhance their cyber security posture. At Thrive, we specialise in partnering with companies to navigate the complex cyber security landscape. Contact us today to fortify your defences and ensure resilience against emerging cyber threats.