New information released by the British intelligence agency GCHQ reveals that cybercrime in the UK has almost doubled in the past year. The British agency has shown that (in an average month) it can pinpoint around 200 hacks on the vital networks of key businesses, compared to only 100 per month occurring last summer. That means that prominent firms may be getting troubled by hackers up to 7 times per day.
According to Ciaran Martin – who is in charge of cyber security at the spy agency – the hacks can be considered severe because they ‘are attacks that are of significance to national security’. ‘That is either because of who the aggressor or the victim is or because of the nature of the attack,’ he adds.
GCHQ is of the opinion that cyber attacks are of an extremely sensitive nature when they are either carried out by state players who could be accumulating critical information on British enterprises. Are made by potentially dangerous criminal organizations. Are put into action using previously unknown approaches, such as new forms of malware or novel penetration techniques. Or are believed to have penetrated businesses who provide vital infrastructure for the nation (or harbour potentially critical resources) such as is the case with nuclear establishments.
The reason for the sharp increases in these critical cyber attacks is because of the extra hacking tools that are progressively made available to would-be hackers. These include tools made available to nation states by legitimate companies such as Hacking Team, but also similar hacking software that is leaked to the internet and taken up for use by nefarious criminal actors.
Some sophisticated tools for causing online mischief cost state players around 100,000 pounds, but with those tools being leaked to online forums more and more as time goes by, we can only expect cyber crime to continue to escalate says Martin from GCHQ.
This latest report goes hand in hand with one that came out last month. That one was carried out by the Crown Records Management and Censuswide and revealed that a staggering two-thirds of businesses in the UK had suffered information theft at the hands of malicious hackers. Add to that Talk Talk’s third breach in 12 months – in which they were again embarrassingly offloaded of customer credit card details – and you start to get a pretty dire picture of the grim state of cybersecurity in the UK.
This is in part due to poorly implemented systems that rely too much on outdated legacy software – much too easy to penetrate by today’s sophisticated hacking tools and actors. To combat this, GCHQ (in cohorts with the UK government’s Department for Culture, Media & Sport (DCMS) has launched a new £6.5 million CyberInvest scheme.
The project, which was initiated at this week’s high-profile IA15 cybersecurity event, aims to help ‘build a community of industry, government and academia who are committed to sustained investment in cyber security research.’ At the flagship Information Assurance event, GCHQ, members of the government, top academics, and industry leaders all came together to participate in decision making about how to best invest new and existing funding to best combat the quickly escalating cyber-problem.
Commenting on the high-profile event, Robert Hannigan, the Director of GCHQ, said,
‘Minister-led, hosted by GCHQ and supported by leaders from across Government, Industry and Academia – IA15 will be the unrivalled IA and Cyber Security event this year. My personal objective is to use IA15 to emphasise our crucial role in supporting the digital revolution in and across government and public services. We must support the drive to increase the speed of digital inclusion, creating an environment of trust, giving the whole country the confidence to make the most of the internet. IA15 is our vital forum this year and the central platform for our engagement with Government, the Private Sector Critical National Infrastructure, Industry and Academia.’