Cyber Security

Serviceteam IT UK Cloud Snapshot Survey 2017

UK business, infrastructure and government face an unprecedented level of threat from cyber-security attacks. The new National Cyber-Security Centre (NCSC) contended with 480 major incidents in its first 8 months, from global ransomware outbreaks to smaller breaches at British businesses, and the pace shows no sign of slowing.

Have cyber-security incidents increased?

A third of respondents to the survey had experienced an increase in cyber-security breaches in the last 12 months. When interviewed, the IT Infrastructure Manager from Sanderson House commented that they have not only experienced an increase in the frequency of attacks, but also the nature in which they are carried out. He commented that the type of attack has:

“changed from phishing to ransomware attacks. Companies need to be aware and have a plan to deal with it when you do get caught”.

It is this increase in the frequency of attacks that has been the primary focus for Sanderson House over the past year. However, the opinion that cyber security incidents are becoming more frequent is not shared by all. When interviewed, one interviewee commented that, due to the fact that it is now mandatory to inform people when there has been a cyber attack:

“there is now just more attention on attacks . . . this is where the visibility has come from”.

There is now a greater awareness of the scale of cyber crime as a result of the availability of this information. While it is clear that from the survey not all respondents have experienced an increase in cyber -security incidents, illustrating that for some UK firms cyber- security is a major priority and has become increasingly important over recent months.

34% of the respondents said they had experienced an increase in cyber-attacks

Yes: 34%
No: 66%

Has your company experienced an increase in cyber security incidents within the past 12 months?

1.8% average share price drop following data breach

£42bn lost by investors due to cyber-security incidents

Cyber-security threats will have an impact on every business, whether they are an organisation that has carried out a full digital transformation program or they are just a small business with online banking. The threats are varied and adaptable. They range from high volume, opportunistic attacks where technical expertise is bought, not learned, such as DDoS attacks to highly sophisticated threats involving bespoke malware created to compromise specific targets.

The idea of cyber-crime being carried out by script kiddies in hoodies has been replaced by criminal groups attacking financial institutions and state sponsored cyber-attacks with the potential to influence elections. The past year has seen cyber-attacks on a scale and boldness we have not seen before. These include the largest recorded cyber heist, the largest DDoS attack and the biggest data breach ever being revealed. And the attacks on the Democratic National Party, Ukrainian energy infrastructure, the NHS and Bangladesh Bank demonstrate that no organisation is safe.

The threat is real and it isn’t just an IT problem causing minor disruption. The financial impact is vast. A study conducted by Oxford Economics found that companies’ share prices fall by an average of 1.8% on a permanent basis following a severe data breach. In August 2017, the Government announced that British organisations could face fines of up to £17m, or 4% of global turnover if they fail to take measures to prevent cyber-attacks that could result in major disruption to services such as transport, health or electricity networks. This means a typical FTSE 100 firm is worse off by an average of £120m after a breach, according to the study. It looked at 315 breach events with a focus on 65 “severe” and “catastrophic” breaches occurring since 2013 across seven global stock exchanges.

The analysis showed that investors have lost at least £42bn due to severe public domain cyber-security incidents since 2013.

Which external factors will impact on IT over the next 3 years?

When asked about the external factors threatening their IT strategy, many of the respondents said they had experienced an increase in cyber-attacks, also reporting that the nature of these incidents had changed. Attempts to encrypt data and charge a ransom had been experienced by many of the respondents.

Despite the prevalence of this issue in the media, only 21% of respondents to the survey highlighted an increase in cyber-crime as the greatest challenge. 60% of respondents listed GDPR as the biggest challenge to their IT plans over the next 3 years, making this the most popular answer amongst respondents to the survey. In addition, only 19% of respondents highlighted Brexit as the greatest challenge to their IT plans, despite the huge changes this is likely to have in the UK.

21% consider cyber-crime having the biggest impact on IT in the next three years

Cyber-Security: 21%
GDPR: 60%

Which external factors do you feel will have the biggest impact on your IT plans for the next 36 months?

What are the barriers to cloud expansion?

50% of respondents to the survey felt that there were not any barriers preventing them from moving additional applications to the cloud, whilst the other 50% thought that there were. 46% of respondents to the survey highlighted security as one of the main barriers to the expansion of the use of the cloud in their business. This therefore correlates with the findings of previous reports on the use of the cloud.

The format of this question allowed respondents to be able to input their own response in addition to the multiple-choice options given. Looking at these individual responses produced some interesting information. One of the answers given was customer acceptance. This therefore suggests that some companies are reluctant to make greater use of the cloud due to a lack of trust from customers.

“…the location of data was a significant barrier to further expanding the use of the cloud. This …demonstrates that some businesses are aware that the location of data is likely to become more significant in the future as a result of changes in legislation such as the implementation of GDPR.”

46% highlighted security as a barrier to cloud expansion in their business

None: 50%
Security: 46%
Cost: 33%
Vendor Lock-in: 27%
Data Control: 26%
Latency: 26%
Existing Infrastructure: 24%
Reliability: 26%
Lack of experience: 20%
Other: 28%

Do you feel there are any barriers halting further expansion of the use of the cloud in your business, if so, what are these barriers?

Cyber-crime is not going to stop, it is the new reality in which we have to operate, it will adapt and change to every attempt to bring it under control. The threats will be larger and potentially far more damaging to more than just business with national infrastructure already being targeted. Businesses have recognised this issue but there is a skills shortage of experienced cyber-security professionals resulting in a high cost to bring these skills in house. Businesses that do not pay enough attention to the threats will be hit by ransomware attacks. It is important that the understanding of the real risks of cyber-crime are understood at board level so that the IT team can be sufficiently resourced to mitigate that risk.