The interconnected world provides us with untold opportunities and conveniences. From shopping online to e-banking to something as simple as ordering a pizza, all made possible by the internet. However, these conveniences do not come risk-free, the internet also has a darker side. It is predicted that cybercrime could cost the global community up to £5.4 trillion annually by 2021. However, not every part of the world is equally exposed to cyberattacks, which then poses the question: How exposed is the UK?
The UK government’s ongoing initiatives and measures to combat cybercrime plays a key role in its recent rank as the 13th least exposed country to cyberattacks globally, as well as making the top ten cut in Europe, placing 8th. Whilst those who reside in the UK can breathe a sigh of relief, this doesn’t mean the UK is immune.
The biggest threats faced by the UK
Hacking techniques that leverage either stolen credentials or known vulnerabilities dominate the types of attacks across EMEA.
According to Verizon’s 2020 Data Breach Investigations Report, 42 percent of web application data breaches are caused by stolen credentials, whereby the attacker gathers compromised login details either through phishing or malware to then gain access to an online account or platform. Unsurprisingly, 56 percent of the data exposed in data breaches falls into the credentials category, elevating the importance of protective software.
Source: Verizon’s 2020 Data Breach Investigations Report
Most notably, 2020 saw cybercriminals target outward-facing email servers, as well as business-critical applications.
Incidentally, 27 percent of malware incidents were ransomware, which Cybersecurity Ventures predicts will cause damage costs of £16 billion by 2021, equating to 57X more than it was in 2015 – making it the fastest-growing type of cyberattack.
The second tactic used – exploiting vulnerabilities – accounts for 20 percent of breaches in EMEA, where an attacker gains access to data or a system or repurposes a server for malicious intent. Checking external-facing websites or software for vulnerabilities, as well as missing security protocols, such as multi-factor authentication, is key to minimise your exposure.
Surprisingly, it’s not just external threats you should be worried about but also internal. Internal actors account for 13 percent of all data breaches with 70 percent of all threat actors driven by financial gain, followed by espionage (22 percent).
Where do the cyberattacks originate From?
Since the very nature of cybercrime transcends international borders, cyber actors often mask their identity to remain completely anonymous which can make it difficult to identify those responsible for attacks. However, it has been reported by the National Cyber Security Centre that a significant number of incidents come from hostile nation-states.
One such example involved the infamous group Turla. Turla hijacked the systems of a rival Iranian APT (advanced persistent threat) allowing them to masquerade as Iranian hackers to cover their Russian origin while they executed malware attacks against UK entities.
More recently, the Lazarus Group, commonly believed to be run by the North Korean government, planned a large-scale campaign sending COVID-19-themed phishing emails to over 5 million businesses and individuals across six countries, including the UK.
The UK’s resilience to cyberattacks
The UK has the highest level of commitment to cybersecurity globally thanks to the three core objectives of the National Cybersecurity Strategy:
- Defend – Protect networks, data, and systems by ensuring that the UK can defend against new waves of cyberthreats, respond effectively to incidents, and provide citizens, businesses, and the public sector with the knowledge needed to employ the necessary security protocols.
- Deter – Make the UK a hard target by meticulously detecting, understanding, investigating, and disrupting all hostile actions taken against us, whilst also rigorously pursuing and prosecuting offenders.
- Develop – A combination of continued innovation through world-leading scientific research and development and maintaining a pipeline of talent to fill the skills needed to meet both the public and private sector needs will enable the UK to adeptly overcome the threats of an ever-changing cyber environment.
The UK is a prosperous digital nation and it will continue to attract the attention of attackers but with the £1.9 billion invested to defend, deter, and develop against cybercrime, the UK’s level of commitment to cybersecurity is set to stay at the top of the pack globally. However, global cooperation is required to make the digital world a safer place.
Contributed by Joshua Frisby, Founder of PasswordManagers.co.