The National Cyber Security Centre (NCSC) has recently warned businesses to bolster their cyber defences following Russia’s attack on Ukraine.
While the NCSC says it is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, its head, Lindy Cameron, has warned of a heightened threat [1] with Home Secretary, Priti Patel, saying that “as this crisis develops” the Government expects to see “cyber attacks aimed at the West.” [2]
The UK is viewed as a potential target in retaliation for imposing economic sanctions on Russia.
But according to experts at Lancashire-based Abbey ICT, the guidance on offer is likely to prove too technical for smaller firms.
Rob Stanway, who joined Abbey ICT from Stonehouse Logic as head of operations, said that small businesses are the least likely to be prepared for a cyber attack and therefore the ones that most need help and support: “The NCSC is right to warn of a potential cyber attack, however its advice to businesses needs to be much better targeted. Larger companies, that benefit from their own in-house IT capabilities, will find it easy to interpret and implement the guidance that’s been made available, but it’s generally not until a business employs more than twenty people that it develops these internal capabilities.
“Businesses of that scale are firmly in the minority, making up just 5.5% of all businesses in Lancashire, 5.2% of businesses in the North West and 5% of businesses nationally.
“That means that around 95% of businesses are unlikely to have the skills and knowledge needed to make sense of what they’re being told and, as a consequence, are likely to dismiss the guidance and leave their business systems vulnerable.”
Stanway says phrases used in the guidance, such as ‘a zero-day vulnerability in a widely used service that capable threat actors are actively exploiting’, will be meaningless to most small business owners and managers.
“The language is off-putting, and most will just find it baffling and give up. What the people running small businesses really need is simple, concise and easy to digest advice on practical steps they can take to strengthen their cyber resilience, like changing passwords, installing and keeping anti-virus software up to date and educating staff on what to look out for.”
Babs Murphy, chief executive at the North and Western Lancashire Chamber of Commerce, an accredited member of the British Chambers of Commerce, said: “Cyber resilience is important to businesses of all shapes and sizes, all of the time. According to the National Fraud Intelligence Bureau, there were more than 60,000 reports of fraud and cyber crime from businesses in 2021, although it’s widely believed the true figure is much higher.
“Businesses that suffer from cyber attacks not only risk losing data and money, but also their hard won reputations, which is why it’s so important that smaller businesses, in particular, take appropriate steps to boost their cyber security.”