UN Chief of cybercrime speaks with the BFPP (now rebranded as The Defence Works) on the biggest threats facing UK businesses
“The sheer scale of cyber threat is immense” The Defence Works today spoke to the United Nations P5 Chief of the Global Programme on Cybercrime, Neil Walsh, in relation to the immense risk faced by businesses globally, and specifically in the UK.
Having previously worked at the National Crime Agency, Neil Walsh took up the lead role at the UN fighting cybercrime globally at the end of 2015. Walsh now helps developing countries in Central America, Eastern Africa and South East Asia develop counter-cybercrime measures to ensure they are capable of preventing, investigating and taking enforcement action in respect of cybercrime.
The weakest link is the ‘human element’
Fraud and cybercrime costs UK businesses £144 billion each year and with 42% of all businesses being a victim each year, more could (and should) be done to prevent such incidents. “Businesses can have the best technology available in an attempt to prevent fraud, but the weakest link in any business is the human element. Where new threats emerge, technology is not able to respond quickly enough to prevent it and this is why employees must be educated as they are typically the route in for criminals to expose a host of issues for businesses”, commented Walsh.
Ransomware will become the biggest risk to businesses in the future
Businesses are exposed to a wide range of fraud and cybercrime attacks; with ransomware being labelled by Walsh as “the biggest risk to businesses at the moment”, following a huge rise in attacks in recent months.
Ransomware is software which typically infiltrates computers when a user clicks on a link or document within an email. The software then blocks access to a vital computer system or folder containing business critical information, demanding that payment is made in order to regain access. Unfortunately this mode of cybercrime is on the rise as UK businesses fail to adequately protect themselves. Walsh explained, “It is important that businesses don’t pay the ransom, as much like in kidnap situations, it only propagates the threat, increasing the risk to everyone. Maintaining regular, secure backups of systems is a vital component of recovery.”
“The criminals work on a risk versus reward basis,” Walsh continued, “and many criminals no longer need to be a computer expert to carry out cyber-attacks. Would-be attackers can buy the software relatively cheaply and then send out emails to the masses – they only need to succeed with a few unsuspecting victims to justify their outlay”.
As with many cybercrimes, technology is only one piece of the puzzle – being protected against potential attacks requires a combination of adequate technology measures, and an education drive amongst staff to inform them of the potential risks of clicking on a seemingly innocent email.
UNITED NATIONS
“The work of yours, what The Defence Works do, that’s what it is all about -helping businesses to protect and prevent becoming victims of cyber-crime.”
Neil Walsh, Chief of Global Cybercrime
Criminals are turning their focus to SMEs
Alarmingly, Walsh believes that SME’s are at particular risk of cybercrime. “It never ceases to amaze me the risks that people will take when dealing with emails and this isn’t limited to a particular generation – it spans all generations and this causes no end of risk for businesses.
It is important that businesses begin to impose the element of personal responsibility upon individual employees as so many businesses cease trading due to fraud and cybercrime each year. SMEs are particularly at risk because it only takes one mistake to cause catastrophe within a business”.
The paradox for SMEs is that whilst being the most at risk, they are often the least likely to take preventative measures to protect themselves, due to the normally high costs associated with legal support – a problem that The Defence Works seeks to solve with its anti-fraud portal service.
What is the solution for businesses at risk?
“It is important that staff training is continuous, not just a one off.”
When considering the global threat to cybercrime against that of the UK’s, Walsh stated that it is crucial “to teach people to be safe online, as this significantly reduces the risk of being a victim of fraud”. Neil Walsh echoes the advice that The Defence Works gives to its members, stating that “businesses should ensure they regularly back up their data onto an offline device, as well as implementing cybercrime and information security policies and procedures which are actionable”, stressing that “responsibility for implementation should be taken seriously business wide. In addition, training and education of staff is imperative – it is important that staff training is continuous, not just a one off. It needs to be a normal part of everyday business”.
Finally, Neil recommends that business owners report all matters to authorities, but recognises that organisations often have concerns in doing so in respect of public perception, brand reputation and their own shareholder considerations.