BT LF4 Cyber theft help

BT’s annual survey, The Future in 2021, revealed that almost two thirds of business leads believe digital attacks have become more prevalent in recent years. Rob Waugh explains the increase and how BT is helping businesses combat this urgent problem

business.bt.com/insights/the-future-in-2021

Find out more from BT’s Future in 2021 survey at

Cyber theft is the fastest growing crime in the world – but help is at hand

Research by security firm Tassian found that 56pc of IT technicians felt that workers had picked up bad habits while working from home.

More than a quarter (27pc) of businesses face cyber-attacks such as phishing on a weekly basis, according to DCMS statistics. The effects of a data breach can destroy companies, with damage often counted in millions in terms of fines, lost customers and lost revenue. IBM’s Cost of a Real Data Breach report, based on 537 real data breaches at large companies, found that the cost of a data breach has risen from $3.86m (£2.87m) to $4.24m (£3.15m) globally in a year, a rise of 10pc. Remote work is amplifying the damage caused by breaches, the report found, with the average cost being $1.07m (£800,000) higher in breaches where remote work was a factor. Data breaches can bring businesses to their knees, warns Helena Nimmo, chief information officer at software development company Endava. “In the short term, cyber breaches can interrupt core revenue-producing operations for extended periods of time,” she says. “The erosion of trust by customers, regulators and the market can have more subtle, long-lasting and crippling effects on a business.” Leaked data can have serious long-term effects for a business, says Prof Curran: “Data breaches can lead to reputational damage and potentially serious fines. Customers may move on to competing services and there also may be a need to set up a call centre to deal with customer queries in the wake of a data breach.” Organisations need to ensure that every employee is aware of the potential impact of a data breach, says Bryan Fite, global account chief information security officer at BT. “The bottom line in a lot of these situations is that people don’t realise the potential significance of their actions on the company,” he says. “Making sure your employees appreciate the impact that a breach would have can really shift their approach to security – as can an open culture.”

How to respond to a cyber threat

The most important step to preventing cyber breaches is taking a people-first approach, says Bryan Fite at BT: “Start by making poor security practice harder by putting guard rails on your system. For example, use filters for web searches and email click-throughs that block access to risky sites. “Then turn your attention to providing education and coaching on how to behave safely online. The good news here is that the attack vectors you’re training people about have remained fairly consistent over the past 15 years, so you know what you’re up against.” BT’s Skills for Tomorrow programme offers tips on security for small businesses.

Take a people-first approach

Cybersecurity teams have increasingly complex jobs – but defences have evolved too, says Martin Lee, EMEAR lead at Cisco Talos Strategic Planning & Communications: “Adopting the zero-trust model means that teams are able to identify users, allow them only access to the systems needed, and block access attempts by criminals with stolen or guessed passwords,” he says. “The emerging SASE model (Secure access service edge) of system access allows cybersecurity teams to protect and manage remote-working users accessing services delivered through the cloud via connections that wouldn’t touch a traditional office network.”

Proactively target threats

Organisations should take control of their data, says Prof Curran. “All aspects relating to the protection of data need to be considered,” he says. “This includes examining security of physical locations and employee access, data storage, data backups, network security, compliance and recovery procedures – and, of course, all IoT [internet of things] devices. It can be easy to neglect software, but it also needs to be audited and a security architecture survey should follow.”

Watch your data

Private sector organisations are more likely to say that cybersecurity is a major consideration when buying technology solutions, according to BT’s research. 42pc of public-sector organisations consider security a major consideration, compared to 36pc of private firms. Businesses in the medical sector have to take cyber-risks very seriously, says Dr Justin Davies, chief executive of Wondr Medical: “Businesses in the medical sector are at constant threat of cyber-attack, but the medical community gains more from open-networked connectivity instead of everything being locked down behind a closed local network. At Wondr Medical we deploy military-grade encryption to all our communications to make our platform secure.” For businesses in the hospitality and retail sectors, network security is the priority (with 51pc of businesses seeing a role for it), followed by cloud-based security at 46pc. Businesses in the hospitality sector can face serious cyber threats, says Ryan Jones, co-founder of plant-based eatery chain KOJO. “During the pandemic, the KOJO management team has experienced an increase in threats to a global digital presence, with fears of ransom to be paid in digital currency and hacks to customer information. Due to the nature of my own tech background, KOJO’s cloud infrastructure security configuration has been developed in line with the best practices and advanced log analytics to provide visibility and control, through advanced privacy and security protocols.”

With employees increasingly working from home, antivirus protection is important on all devices.

Antivirus protection

When working from home began, many businesses left employees ill-prepared to deal with new challenges. Research by internet security firm Kaspersky found that almost three-quarters (73pc) of employers did not conduct any training on how to interact with corporate information remotely. Businesses need to raise cybersecurity awareness, says Simon Hepburn, CEO of the UK Cyber Security Council: “More than 90pc of cyber breaches are down not to a failure of technology but – and this is key – to human error,” he says. “It’s ordinary people making everyday errors: not checking an external email address, or clicking a link in an email. Businesses should teach staff real skills – not just to follow the company’s security policies and procedures, but to take a few seconds to stop and think, and to maintain a tangible level of cynicism.” IBM’s research found that making an effort at digital transformation helps to fend off the damage of data breaches, with companies that have made no effort at digital transformation facing an average cost of $5.01m – $0.77m more than average. Many UK businesses are not confident that their security budgets are correctly allocated, with just 38pc confident that their cyber budget is allocated to the most significant risks, according to PwC research. UK businesses are aware that partners and vendors have an important part to play, with 51pc of businesses saying the role of partners is more important than ever before. When UK construction firm Willmott Dixon wanted to digitally transform, the company worked with BT to upgrade nearly every aspect of its business. Willmott Dixon used 5G technology to deliver videoconferencing to its sites, and used Microsoft’s Hololens headsets to show customers what a completed building would look like. Cybersecurity was at the heart of this transformation. Steve Witty, the company’s head of IT security and compliance, says: “Like most businesses, we operate in a digital world where data is king. All businesses are at risk of a cyber-attack – be that targeted or being caught in a wide-net attack, resulting in possible loss of connectivity or data, either through ransomware or theft. “Without cybersecurity, the keys to the kingdom are hanging up by the door, allowing access to systems and data. As these threats become increasingly sophisticated, cybersecurity is fundamental to protecting our people, business, customers and partners. “It is important to identify the most proportionate product or service for the business. Partnering with a supplier gives access to a range of products, for an effective side-by-side comparison. Partners also have experience of both the products, services and our business, so are in a great position to provide quality guidance which helps us make informed business decisions.”

UK businesses are facing an ever-increasing amount of cyber-attacks – and the pandemic has only made things more challenging. Almost two-thirds of business leaders (65 per cent) believe that cybersecurity breaches have become more of a threat in the last 12 months, according to a BT survey of 1,217 business leaders. To compound the issue, pandemic-induced changes such as home working have made things worse, according to Amanda Finch, chief executive of industry body the Chartered Institute of Information Security: “Rapid advancements in technology, and the world’s reliance on it to stay connected, have made any disruptions due to cyber-attacks one of the most pressing concerns for any organisation – and COVID-19 has only exacerbated the risks,” she says. Nearly four out of every 10 UK firms (39pc) have experienced a breach or attack in the year 2020-2021, according to statistics from the Department for Digital, Culture, Media and Sport (DCMS). There are more attacks occurring every year – and it’s due to the increasingly digital nature of our lives, says Professor Kevin Curran, senior member of the Institute of Electrical and Electronics Engineers (IEEE) and professor of cybersecurity at Ulster University. Prof Curran says: “People are also in a semi-state of ignorance when it comes to safe computing practices. A recent report stated that cybercrime damage is to hit $10.5trn annually by 2025 and cybertheft is the fastest growing crime in the world.” Thankfully, defences are evolving, too, as new models emerge for cybersecurity teams to deal with threats. Working collaboratively with external partners provides a more holistic approach to cybersecurity, says Tris Morgan, director of Global Advisory at BT, which helps businesses with long-term planning for investment in technology. “According to a recent PwC survey, 56pc of respondents said their organisation is at risk due to a lack of cybersecurity staff,” he says. “They lack the expertise, insights and technology needed to fully protect themselves from today’s new breed of attackers in a post-pandemic digitally transformed world. “Co-sourcing is an ideal opportunity to augment your existing investments and then find areas to boost or develop through partnership to make the most of your own in-house provision.”

Cyber-attacks such as ransomware can cause immediate and crippling financial damage, locking up crucial systems so businesses cannot earn money.

Lost revenue

Analysing companies who had seen a breach of one million or more records, Comparitech found that the reputational damage caused by breaches led to share prices falling by 3.5pc on average.

Reputation

The fines for data breaches can be huge. The Information Commissioner’s Office fined BA £20m for a breach which exposed the personal and financial details of more than 400,000 customers.

Regulatory

Businesses may have to invest considerable sums to persuade customers to trust them again after a breach through which customers’ private data is exposed.

Loss of trust

Businesses also incur hidden costs, as employee hours are lost to dealing with the breach, and resources are diverted to ensuring no more breaches occur.

Hidden costs

Larger businesses are more aware of the threat of cyber-attacks, and more determined to deal with the problem, BT’s research found. Bigger businesses feel more under threat: 70pc of business leaders at major corporations said they felt the issue was more of a threat than last year, compared to 54pc at small business and 64pc at medium-sized businesses. Cybersecurity is important among all organisations, whatever their size, warns Dr Jessica Barker, author of Confident CyberSecurity and co-founder of security company Cygenta. “There’s a common myth that cybersecurity applies only to big banks and governments,” she says. “In my book, I looked at case studies that show how important cybersecurity is to everyone, including hospitality, retail, healthcare, small businesses and even internet influencers, the entertainment industry and celebrities.”

Tools for analysing network traffic can help to boost security.

Security monitoring tools

Find out more from BT’s Future in 2021 survey at

business.bt.com/insights/the-future-in-2021

How covid-19 has impacted cybersecurity

Working from home

Almost three-quarters (73pc) of employees received no training in dealing with business information remotely, according to research by security firm Kaspersky.

Poor training

Cybercriminals deliberately target software used by people working from home, according to Deloitte, with 500,000 attacks on video-conferencing software.

Targeted attacks

Impact of data breaches

Tech tools to help stay cyber secure

Using a VPN (Virtual Private Network) is a key tool for remote work.

VPN

BT’s research identified cloud security as a top priority for businesses.

Cloud security

Retailers are increasingly aware of the security of customer data, says Ofri Ben-Porat, CEO and co-founder of technology developer Edgify. He says: “One supermarket chain we work with is moving all of the data collected at the point of sale to the self-checkout machines, which remain on premise at all times and only share the data between their own network of devices rather than third parties. This essentially means they are avoiding use of the cloud entirely in order to stay cybersecure.”

of private firms and 42pc of public-sector organisations say security is a major consideration when buying tech solutions.

of large businesses believe cybersecurity is an important challenge for the next five years.

of large firms think that cybersecurity has become more of a threat in the past year.

of large firms believe that they are facing a skills shortage in cybersecurity.

40%

36%

72%

of small businesses consider cybersecurity a major factor when buying new technology.

28%

of organisations see data security as a major challenge for the next five years.

49%

Paid for by

Designed and produced by Telegraph Media Group Creative director: Matthew Brant Illustration: Michael Driver Project manager: Tom Gadd Editor: Jim Bruce-Ball Web editor: Vanessa Woodgate and Katherine Scott

BT is dedicated to digital transformation and wants its customers to be ahead of the game when it comes to tech. Find out more from BT’s Future in 2021 survey at

business.bt.com/insights/the-future-in-2021

Survey statistics