“As new technologies emerge, hacking trends will adapt and the number of threats that industry needs to be defended against can only increase"
In 2020, 5G is expected to finally begin making an impact on taking connectivity to the next level – but with that comes a raft of cyber security dilemmas for businesses. Dan Robinson finds out from company bosses how they’re preparing to combat the threat.
The statistics are alarming – there is a hacker attack, somewhere in the world, every 39 seconds.
Cyber-criminals are a persistent threat to businesses of all sizes, yet only one in three companies (36%) have a cyber security policy in place, and only 32% have done a cyber risk assessment in the last 12 months, according to this government report.
Phishing attacks were the most common type of breach, followed by “others impersonating an organisation in emails or online”, viruses and spyware or malware (including ransomware attacks).
While it’s vital to have processes and policies in place to protect your business, it’s no secret that the industry is ever-evolving as hackers become more and more sophisticated in their techniques.
With this in mind, what will cyber security look like in 2020 and beyond, and what can organisations do to stay one step ahead?
Cyber security in 2020 and beyond: Insights from the experts
Steve Kingan, chairman and CEO at Nexor
Cyber security specialist Nexor works with the UK government, military and other medium to large-sized enterprises to enable the secure exchange of sensitive information between domains.
As the rise in cyber attacks show no signs of abating, Steve Kingan believes businesses will be hard-pressed to avoid increasing their cyber security investments in the foreseeable future.
He said: “Small businesses, in particular, bear the brunt of 43% of cyber attacks and this percentage will only increase.
“There are multiple factors contributing to this. Small businesses are less likely to have dedicated cyber security resources to protect their businesses and more likely to be reliant on outsourced suppliers and software for their IT needs, which introduces possible supply chain vulnerabilities, as well as infrastructure configuration weaknesses.
“They are also less likely to have an adequate cyber security budget, resulting in weakened security coverage.
“As new technologies emerge, hacking trends will adapt and the number of threats that industry needs to be defended against can only increase.
“Legacy equipment will continue to be used, against which old attack methods will remain effective.
“There isn’t a silver bullet that enables a business to completely protect themselves against hackers, but there are multiple defensive actions that will help.
“Focusing on doing the basics well, by thoroughly implementing ‘cyber essentials’, is an excellent starting point for any business.
“Risk identification and mitigation is crucial to business security and administrative controls are equally important to technical ones.”
Ben Griffin, director at Computer Disposals Ltd
Computer Disposals Ltd is an IT recycling and data destruction business serving large organisations throughout the UK, including the NHS.
Ben Griffin agrees that small businesses are at a heightened risk of cyber crime as they lack the knowledge, time and resources to implement the security measures needed to protect themselves.
He said: “Hackers are becoming smarter about the types of attacks that are most effective against specific businesses, and emerging techniques are making it difficult for SMEs to stay on top of their business’ cyber security.
“That said, we believe that data privacy legislation and compliance associated with GDPR has had a positive impact on opening businesses’ eyes to the risks of cyber crime.
“A more attentive approach to data and compliance has naturally made companies more mindful of digital safeguarding, and we believe that cyber security budgets will continue to increase beyond 2020 as more businesses look to stay GDPR compliant whilst reducing their overall threat of cyber crime.
“Going forward, phishing scams will remain one of the most prevalent types of cyber-attack that businesses need to be aware of, as well as the risks associated with using mobile devices interchangeably across different networks for both business and personal use.
“Businesses must educate their personnel about the risks of these attacks in particular, and ensure that their network is closely monitored to prevent rogue devices leaving gaps in their overall security.”
Craig Barnett, founder of Wisit
Wisit helps businesses to protect their IT infrastructure by providing a fully managed IT service.
Craig Barnett says attempts at hacking aren’t going to decrease any time soon, however, their conversion rates can.
He said: “The majority of small companies only invest in cyber security after the horse has bolted as we tend to have an ‘it will never happen to us’ attitude and we turn a blind eye to things we simply don’t understand.
“We would all understand zero access to systems and a several million-pound ransom, though.
“The time to invest in cyber security is now, even in something as basic as staff training.
“The consumer Internet of Things (IoT) industry is expected to grow to more than seven billion devices by the end of 2020.
“Many of us do not see IoT devices as a risk because a majority of them do not have a user interface.
“However, IoT devices are not only collecting valuable user data, they could become an entry point for an attacker or tool to launch an attack.
“IoT devices are not secure by design, because putting a focus on security would significantly increase manufacturing expenses.
“The cliché of preparing for the unexpected is often spoken about in the cyber world.
“We know you are going to be attacked – it’s how well prepared you and your business are.”
Darren Hockley, managing director of DeltaNet International
DeltaNet International offers businesses compliance and health and safety e-learning.
Darren Hockley also believes staff training could make all the difference when it comes stopping hackers in their tracks.
He said: “Without continuous awareness training to keep threats fresh in our mind, it’s all too easy to become complacent and fall into the criminals’ trap.
“This is particularly true at organisations that only offer training annually, or, worse, just once during induction.”
Looking ahead to next year and beyond, and what threats businesses could face, he added: “In an increasingly modern and technological world it seems to make sense to imagine businesses battling increasingly sophisticated cyber security threats in the future.
“And while it’s true that some hacking practices are scarily complex, you may be surprised to learn that the number one cause of data breaches for businesses is still not very futuristic at all – it’s weak and stolen passwords.
“If I could offer businesses one piece of advice to mitigate the risk of cyber-attacks, it’s don’t ignore the obvious; keep awareness levels about these things high.
“I say this because most cyber-criminals are opportunists and, in 2020 and beyond, I imagine artificial intelligence will be increasingly used to find commonplace vulnerabilities to exploit – eg unpatched or uninstalled software updates.
“AI could also be used to create highly targeted phishing attacks (a practice known as ‘spearphishing’) by quickly searching and collating large amounts of data online in order to convincingly mimic legitimate organisations and requests for information.
“Indeed, due to the sheer amount of data that AI-led software can search – and the fact that machine learning means the software can predict our online behaviours – it’s possible that phishing attempts of the future will appear more and more convincing.”
Steve Hanna, co-chairman of Trusted Computing Group
Trusted Computing Group is a not-for-profit organisation that was formed to develop, define and promote open, vendor-neutral global industry specifications and standards in computing.
Steve Hanna says analysts expect cyber security spending to increase around 9% every year for the indefinite future.
He said: “Businesses are always improving their cyber defences, but the problem is hackers also constantly expand their arsenal for cyber-attacks.
“This is a classic arms race and it moves quickly. Neither party can afford to rest on their laurels, or they will fall behind.
“One of the biggest problems for small businesses in particular is that they can’t afford to spend as much on cyber security as larger businesses.
“A way to ease this imbalance is to hire a managed security service provider who can supplement your in-house defence capabilities.
“Cyber crime is much more lucrative than physical crime and the risks are far lower; therefore, we are seeing a shift in criminals as they move online.
“Thankfully, organisations like TCG and our members are working to make computer systems fundamentally more secure, which aims to slow the increase in cyber security spending over time.
“The best bit of cyber security advice I can give is that there’s no silver bullet. Instead, you need in-depth defence where several layers are used to protect your systems.
“Further, I always advise businesses to use risk management techniques to help prioritise spending.”