I’ve just read the BBC News article that there were nearly six million fraud and cybercrime cases in the United Kingdom in 2015.
I doubt that will surprise anyone working in cybersecurity but what is surprising is how many people still seem to believe that this is something that is unlikely to affect them, is a minor issue or something from science fiction. I also find it surprising how many SME businesses are blasé about their risk exposure to cybercrime. Their take remains that they are too small for anyone to bother attacking them. The same also goes for individuals.
The reality is that they are precisely the easy, soft target that automated tools seek out.
While the BBC article was based on figures released by the Office of National Statistics (ONS), the Cyber Crime Assessment 2016 report published by the National Crime Agency (NCA) echoes the same sentiments.
I meet a lot of people through the various roles I undertake in a national context (such as being the Director General of the Institution of Analysts & Programmers, a director of the Trustworthy Software Foundation and a member of the Information Commissioner’s Technology Reference Panel). The conversations that I am currently having frequently return time and again to the growing cybersecurity threat to the national infrastructure, business of all sizes and to individual citizens. The topic has been buzzing in the security community for a while, has broken into mainstream IT and now slowly seems to be gaining traction with the wider public.
The overview of the NCA paper asserts that the “speed of criminal capability development is currently outpacing our response as a community”. It seems we are currently losing the battle against cybercrime. Business leaders, particularly in the SME sector, must respond and get to grips with the risks they face. Individuals need to come to terms with the fact that cybercrime is a major threat to them.