The enormous scale of the 2013 Yahoo breach, the 2016 Uber breach and the 2017 Equifax breach came to light this past year, demonstrating that data is a valuable target for cyber adversaries, said a new report from the UK’s National Cyber Security Centre.
Supply chain compromises of managed service providers and legitimate software (such as MeDoc and CCleaner) provided cyber adversaries with a potential stepping stone into the networks of thousands of clients, capitalizing on the gateways provided by privileged accesses and client/supplier relationships. It is clear that even if an organization has excellent cyber security, there can be no guarantee that the same standards are applied by contractors and third-party suppliers in the supply chain. Attackers will target the most vulnerable part of a supply chain to reach their intended victim.
Fake news amplified on malicious websites and via defamatory social media campaigns had an impact on UK businesses in 2017, showing the potential commercial impact of these practices.
Cyber attacks have resulted in financial losses to businesses of all sizes. The costs arise from the attack itself, the remediation and repairing reputational damage by regaining public trust. Attacks have also triggered declines in share prices and the sacking of senior and technical staff held to account for massive data breaches. The enforcement of the General Data Protection Regulation (GDPR) in May 2018 could, under certain circumstances, lead to severe fines for organizations which fail to prevent data breaches, which result in a risk to the rights and freedoms of individuals.
Between October 2016 and the end of 2017, the NCSC recorded 34 significant cyber attacks (that is, attacks that typically require a cross-government response), with WannaCry the most disruptive of these. 762 less serious incidents (typically confined to single organizations) were also recorded. 2018 will bring more of these attacks. The Internet of Things and its associated threats will continue to grow and the race between hackers’ and defenders’ capabilities will increase in pace and intensity.
With interest in cryptocurrency still strong, cryptojacking – where an individual’s computer processing power is used to mine cryptocurrency without the user’s consent – will likely become a regular source of revenue for website owners. Increased use of cloud technology to store sensitive information will continue to tempt cyber attackers, which could result in UK citizens’ information being breached.