A new report on the impact of cyber activities on UK businesses

    16 April 2018 | Rianda Markram

    A new report on the impact of cyber activities on UK businesses

    The National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) have jointly authored an annual report on cyber activities in the past 12 months and the impact on businesses. Rather worryingly, the report makes it clear that criminals are launching more online attacks on UK businesses than ever before.

    The main players

    The National Crime Agency (NCA) is the UK law enforcement agency responsible for cybercrime. The National Cyber Security Centre (NCSC) is part of GCHQ, and was set up to help protect UK critical services from cyberattacks, manage major incidents and improve the underlying security of the UK Internet through technological improvement and advice to citizens and organisations.

    Cyber crime and cyber attacks

    Cybercrime is commonly defined as any crime conducted via the internet or some form of computer network. 

    Cyberattacks have resulted in financial losses to businesses of all sizes. Costs usually arise not only from the attack itself, but also following it, from remediation and the repairing of reputational damage by regaining public trust. 

    The report confirms that interest in cryptocurrency remains strong. It is anticipated that cryptojacking, where an individual's computer processing power is used to mine cryptocurrency without the user's consent, will become a regular source of revenue for website owners. In addition, increased use of cloud technology to store sensitive information will continue to tempt cyber-attackers, which could result in UK citizens' information being breached.

    Examples: ransomware and denial of service attacks

    Ransomware and Distributed Denial of Service (DDoS) attacks, where hackers threaten to conduct DDoS attacks unless a ransom is paid, have increased in particular demanding a re-instatement of services payment in Bitcoin. Using this method of payment allows cyber criminals to conduct bold attacks and potentially make a profit. A DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

    Further examples:

    At least two software companies had their products compromised at source, resulting in their customers being infected with malware when downloading the software/updates. When executed well, supply chain compromises are extremely difficult to detect.

    One more area of concern: fake news and information operations

    Reputational damage to a business can often be caused through the use of social media. The spreading of fake news can also affect a company's share price or sales and can, in some cases, force a smaller business to close.

    More to come: future threats

    The report highlights future threats are:

    • Data breaches and legislation;

    • Cryptojacking;

    • Supply chain compromises;

    • Internet of Things;

    • Cloud security.

    This feature was written in collaboration with the lawyers at Markel Law, who regularly comment on SME related matters. You can stay up to date with the latest legal changes on the Markel Law Blog, written in plain English, so that you understand the implications that is has for you as a small business owner.

    For media enquiries, please contact: Marketing via email