Staying safe: the future of cybercrime

Around half of UK SMEs were successfully infiltrated by hackers last year
A recent report into the macroeconomics of cybercrime have calculated that it generates $1.5trn in revenue
Standards have been created to help businesses improve cyber security, such as the government's Cyber Essentials 
[standfirst] As connected devices and artificial intelligence hit the mainstream, experts are warning that we are entering a new era - one rife with cybercrime. 

For many people, the threat of cybercrime finally became a reality last year when over a third of England's NHS trusts were disrupted by the devastating ransomware WannaCry.

The malware - which brought A&E departments and GP surgeries to a standstill - encrypted data on the infected machines, with hackers demanding a ransom of around £230 per computer. At least 6,900 NHS appointments were cancelled as a result, with 19,000 estimated to have been affected overall. Yet, despite the severity of the attack, WannaCry was described as “relatively unsophisticated” by the National Audit Office, and deemed to have been easily avoided had the NHS followed basic IT protocol.

The rise of ransomware

Conservative estimates suggest that around half of all UK SMEs fell victim to cybercrime last year, with ransomware - typically spread via phishing emails - a notably growing threat. As with WannaCry, most of these attacks could have been prevented, according to Oz Alashe MBE, who runs the cyber-security training platform CybSafe. “Roughly three quarters of all data and security breaches can be attributed to people,” says Alashe.

“This emphasises the need for ongoing employee cyber-security education”
- Oz Alashe, CEO and founder, CybSafe

Alashe believes ransomware attacks will go on rising as businesses continue to digitise. As companies increase the size of their IT systems and reliance on digitised services, so too do they increase the number of possible attack vectors.
“As organisations have begun to embrace the internet of things, related threats targeting IoT have spiked,” he says.

Contrary to popular opinion, complex business systems are not necessarily harder to hack either - as was made clear by the Deloitte data breach reported last September. Cybercriminals prefer the path of least resistance, explains Alashe; companies with sophisticated IT systems are usually undone by lapses in basic cyber-security practices, rather than elaborate hacks.

A platform economy - but for cybercrime

It's not just about our devices becoming more connected and our systems more sophisticated. A recent report into the macroeconomics of cybercrime valued its global revenue at $1.5trn, revealing a 'platform economy' of crime built around access to data, much like the one we've grown used to today (whereby digital platforms connect users to services, rather than directly providing the service themselves). The report, authored by the University of Surrey's senior lecturer in criminology Michael McGuire, talks of a “web of profit” where criminals can order off-the-shelf services much like you or I might order a book off Amazon.

In a column penned for tech news provider VentureBeat, McGuire writes: “There are large organisations in the burgeoning cybercrime economy that very closely match the structures and business plans of companies like Uber, Airbnb, Facebook, Twitter, and WhatsApp. These platform owners act more like service providers than criminals; they don't commit the crimes directly but enable and profit from cybercrime, and are helping to create a world where cybercrime is a permanent state.”

The problem with AI

Arne Uppheim is a senior director at Avast Software - which, with its several hundred million users, is one of the best-known and largest cyber-security companies in the world. For Uppheim, McGuire's “permanent state” of cybercrime isn't exclusive to the dark web and illegal operations, but extends into the mainstream as well. It's only a matter of time, he warns, before criminals abuse perfectly legal off-the-shelf machine-learning algorithms to launch sophisticated attacks that can evade threat detection.

This makes artificial intelligence “something of a double-edged sword”. On the one hand, its ability to detect threats in real time and to predict emerging threats as they evolve gives it the potential to revolutionise how cybercrime is fought. On the other, readily available AI codes can equip criminals with devastating weapons.

The solution? Greater collaboration. 

“Cybersecurity researchers' latest and potentially greatest tool in the fight against cybercrime could soon be used in nefarious ways,” says Uppheim.“This is why industry collaboration and education is so important: it's the only way to ensure the good guys stay one step ahead.”

Fighting back

When it comes to securing connected devices - such as printers, webcams, mobile phones and electronic locks - Uppheim emphasises the need to be broad in scope so that the software and the network are both protected.
“There must be an emphasis on installing multi-layered security at both the endpoint and network level,” he says.

Uppheim and Alashe are united in stressing the importance of education when it comes to fighting cybercrime. “The government's National Cyber Security Centre has prevented thousands of attacks and incidents, and is helping to foster a talent pipeline of the next generation of experts,” says Alashe. “It has some fantastic guides online showing how easy it can be to protect your organisation's data, assets and reputation. Listening to this advice will dramatically increase your protection from the most common types of cybercrime.”

Mark Lomas, a technical architect at IT support company Probrand, agrees. “SMEs can now benefit from Cyber Essentials, a set of IT security standards created and backed by the government,” he says. “The standards have been developed with small businesses in mind, for those that are looking for ways to improve their security and mitigate the risk of attack.”

As well as helping businesses test and establish security policies, once a business has completed the Cyber Essentials certificate (at a cost of around £300), it can display the Cyber Essentials stamp of approval. “This provides confidence to customers and partners,” says Lomas.

By Mentor

Mentor offers expert business advice on employment law and HR, health and safety, and environmental management.