The current economic crisis in the United Kingdom has raised concerns regarding the potential increase in cybercrime across critical national infrastructure (CNI). Recent research by Bridewell, a leading cyber security services firm, reveals that more than a third of organizations in CNI anticipate a surge in cybercrime as a direct consequence of the ongoing financial hardships.
This article aims to delve into the key findings of the research report and provide insights into the rising cyber security risks UK CNI faces. Furthermore, it emphasizes the importance of strengthening cyber defenses within organizations to mitigate the growing threats.
Impact of Economic Crisis on Cybercrime
The research report, titled “Cyber Security in CNI: 2023,” surveyed 500 cyber security decision-makers across various sectors, including transport and aviation, utilities, finance, government, and communications. The study revealed that the utility sector, encompassing energy and gas, expressed the highest level of concern, with 41% of respondents predicting a surge in cybercrime due to financial hardships.
The COVID-19 pandemic sent shock waves through the world economy and triggered the largest global economic crisis in more than a century.
The ongoing Russia-Ukraine conflict, which has affected oil and gas flows to the UK, has contributed to rising prices for fuel and food, further exacerbating the situation. These economic pressures have created an environment where threat actors can exploit vulnerabilities within CNI.
Employee Sabotage as a Growing Risk
As employees face increased financial strain due to the rising cost of living, a significant risk identified by CNI decision-makers is employee sabotage. Over 21% of respondents ranked it among the most significant threats to their organization’s IT environment.
In the past 12 months alone, instances of security incidents related to employee sabotage within CNI have risen by 62%, from 13 cases per organization to an average of 21. This alarming increase emphasizes the need for proactive measures to address insider threats.
Phishing and Social Engineering Threats
CNI decision-makers also expressed concerns about the prevalence of phishing and social engineering attacks during the economic downturn. Approximately 33% of respondents believed these attacks would grow, with threat actors exploiting employees’ vulnerabilities and financial fears to gain illicit access to CNI data and systems.
Preliminary evidence suggests that the crisis led to a dramatic increase in inequality within and across countries.
The combination of economic strain and psychological manipulation creates a fertile ground for cybercriminals to exploit.
Long-Term Rise in Insider Threats
The research report highlights a longer-term trend of increased cyber security risks from insiders, including malicious and negligent actors. Over the past three years, two-thirds (66%) of CNI decision-makers reported a rise in insider threats since 2020.
However, despite the growing risks, 65% of CNI organizations are experiencing a reduction in their security budgets due to the economic downturn, potentially leaving them more vulnerable to insider attacks. This calls for reassessing resource allocation to ensure cyber defenses are not compromised.
Defenses from the Inside Out
To mitigate the growing threats, decision-makers in CNI must prioritize strengthening cyber defenses from within their organizations. This approach entails implementing robust monitoring and testing of systems, enhancing access controls, investing in data loss prevention measures, and providing continuous education and training to employees regarding cybersecurity best practices.
Decision makers need to invest in strengthening their cyber defenses from the inside out.
By adopting a comprehensive strategy, organizations can raise employee awareness, cultivate a cyber security culture, and reduce the likelihood of successful cyber attacks.
Proactive Measures
The economic crisis faced by the United Kingdom has heightened the risk of cybercrime across critical national infrastructure (CNI). Research conducted by Bridewell, a leading cyber security services firm, reveals that over a third of organizations in CNI anticipate a surge in cybercrime as a direct consequence of the ongoing financial hardships.
This alarming trend necessitates immediate attention and proactive measures to strengthen cyber defenses from within organizations.
One of the key risks identified in the research report is employee sabotage. As employees face increased financial strain due to the rising cost of living, the risk of insider threats has grown significantly. CNI decision-makers rank employee sabotage among the top risks to their organization’s IT environment, and instances of security incidents related to employee sabotage have increased substantially within CNI.
The benefits of strong and early action far outweigh the economic costs of not acting.
Decision-makers must invest in robust monitoring and testing of systems, enhance access controls, and prioritize continuous education and training of employees to foster a culture of cyber security awareness.
Expectations
Additionally, the prevalence of phishing and social engineering attacks is expected to grow during the economic downturn. Threat actors may exploit employees’ vulnerabilities and financial fears to gain illicit access to CNI data and systems. Therefore, organizations should remain vigilant and implement robust security measures to counteract these threats.
Despite the pressing need to strengthen cyber defenses, the research report highlights a concerning trend. Due to the economic downturn, many CNI organizations are experiencing reductions in their security budgets.
This budgetary constraint poses a further challenge in effectively mitigating the rising cyber security risks. Decision makers must recognize the importance of prioritizing cyber security investments and allocate resources to safeguard critical infrastructure.
Strengthening cyber defenses
In conclusion, the economic crisis faced by the United Kingdom has elevated the risk of cybercrime across the critical national infrastructure. The surge in cyber threats, particularly insider risks and social engineering attacks, necessitates immediate action.
Reducing security budgets will exacerbate the issue.
Decision-makers must invest in strengthening cyber defenses from within organizations by implementing robust monitoring systems, enhancing access controls, and providing continuous education and training to employees.
Furthermore, it is essential to allocate adequate resources to address the growing cyber security challenges, ensuring the resilience and protection of critical national infrastructure in the face of evolving cyber threats.
