Dr Emma Philpott MBE, CEO, The IASME Consortium Ltd, writes:
The last few years have seen massive change in how people work and use IT. This has, of course, been exploited by the cyber criminals, but something that has not changed is that cyber attackers always try the easy routes first.
Why would you bring out your best and most expensive hackers when an organisation has weak passwords and no two-factor authentication on their email? Even a non-technical criminal can break into a system like that.
I think in 2023, we will see a growing awareness of the importance of the security basics. Through the UK Government’s Cyber Essentials scheme, we can now see that small organisations with the Cyber Essentials controls in place are 60% less likely to have to make a cyber insurance claim than those without.
Over the year, larger organisations will increasingly ask for reassurance that the security basics are in place before sharing data with partners and suppliers.
The lack of cyber security basics is often cited by the Information Commissioner's Office when announcing fines when personal data is lost, and the understanding that a Cyber Essentials certificate can reduce an ICO fine will push awareness and growth of the basics in 2023.
The rise of ransomware is well documented. I am sure 2023 will see further increases of these attacks and the malware itself will continue to become more sophisticated. Having the basics in place, as well as off-line backups and a known response plan in case ransomware does strike, very much improves your resilience to these incidents.
2023 must also see action to protect against the targeting of vulnerable people in cyber enabled fraud. This describes fraud that takes place over an electronic device or phone. The instances of fraud have been increasing sharply and the criminals target the most vulnerable in society. The effect of the fraud is not only the loss of money, although this is significant. It often erodes an individual’s confidence and makes them afraid to use the internet. This can make someone very isolated.
Currently, the primary weapon in the battle against cyber enabled fraud is advice and training, but for many people this does not have a big enough effect. The scammers are very malicious and adaptable and deliberately target the elderly and other vulnerable people.
IASME is currently working with a group of cyber security providers to try and develop an affordable method that protects the device of the vulnerable person with technical controls.
This would mean that, even if they believe Bill Gates is asking them to click a link and make a payment, nothing would happen when they do click that link because of the protection we have put in place on the device.
We are about to pilot this project and hope it will be the start of a valuable process to tackle this significant problem in 2023.
BIOGRAPHY OF DR EMMA PHILPOTT MBE
Dr Emma Philpott MBE is a scientist-turned-cyber security ambassador who is known for her work with neurodiversity and SMEs. She discovered her love of science at an early age, showing a teacher how to make a rainbow by directing a light prism. She won a place at Cambridge University to study natural sciences. Today she is the CEO of IASME, based in the beautiful Malverns.
The organisation works alongside a network of almost 300 expert bodies across the UK and Crown Dependencies to help advise and certify them in both cyber security and counter fraud.