‘[Criminals] are going after everybody – every business. It’s like trying every car door just to find one that isn’t locked.’
These words were spoken at a recent cybersecurity meeting – and they’re a good reminder that businesses of any size across UK infrastructure are vulnerable to a potentially crippling attack from online criminals.
Thales – a multinational aerospace and defence corporation and a leader in cybersecurity and data protection – recently put some figures on the situation in their Data Threat Report:
- 93% of organisations in the Critical National Infrastructure (CNI) sector have observed an increase in cyber-attacks.
- 42% of critical infrastructure organisations have suffered a data breach.
- 24% of CNI organisations said they had fallen victim to a ransomware attack in the past year – with median payouts for the ransom at around £4m.
- 11% went on to pay the ransom.
- 33% of CNI organisations reported insider threat incidents – when the security error came from inside the company. This could be accidental or purposefully criminal.
- 20% of cases happened due to a failure to apply multifactor authentication to important internal accounts – such as system or admin accounts.
It’s interesting to note that getting 100% clarity on cybercrime and its impact on UK businesses can be difficult. Cyber criminals exploit any kind of information – new-employee announcements on LinkedIn for example – and the result is that very few organisations feel comfortable in sharing information that could leave them exposed.
Types of cyber criminals
It can be useful to visualise the sources of cyber crime, the range of which can be surprising:
- Organised criminals
- Other states and state-sponsored groups
- Individuals or groups who can code and disseminate software to attack computer networks and systems
- Protestors
- Cyber terrorists intending to cause maximum disruption and impact
- Insiders and employees
The Crown Prosecution (CPS) suggest that most criminals have relatively low skill levels, but also that there’s a growing online marketplace providing access to sophisticated tools with which to launch an attack.
The devastating impact of one small mistake
A recent example from the haulage industry puts the impact of cyber threats into a troubling perspective. A ransomware gang needed just one password “to destroy a 158-year-old company and put 700 people out of work.”
Big names like M&S, Co-op, and Harrods have all been attacked in recent months, but it was KNP – a Northamptonshire-based transport company with 700 employees and 500 lorries – who were put out of business.
In June 2023, the company was hit by a ransomware attack “from the Russian-linked Akira cybercrime gang” who managed to guess one employee’s password. Once they gained access, the hackers encrypted the company’s data, locked its internal systems, and left a ransom note alongside expected demands of around £5m, which was too much. The data was lost, and the company folded.
KNP insist that their IT complied with industry standards, and that they had taken out insurance against cyber attacks. But weak security controls, poor anticipation, and no planning around data recovery proved terminal.
More specifically, a lack of two-factor authentication (2FA) and other easily avoided security oversights led to this catastrophic incident. Very little needed to have been differently to have saved the business – and to have likely got the company up and running again within hours. Unfortunately, in the realm of cyber security, these lessons sometimes often too late.
Field management cyber security essentials
The claim that cyber security needs to be an essential part of any modern business is an easy one to make. By 2025, worldwide cybercrime costs are estimated “to hit $10.5 trillion annually”. It is an unescapable reality that (as sure as anyone has ever received a phishing email or text message) criminals are targeting businesses like your own.
Attacks can halt operations, lead to significant delays, impact timelines for other jobs, increase costs, and put you out of work.
The stakes are your company’s reputation and survival.
The good news is that keeping your operations safe from cyber-attacks can be managed, and when looking for field management software it’s essential to choose a system with multiple security features:
- 2FA and single sign on
- Encryption during transfer
- Protected and monitored servers
- Regular data back ups
- Individual logins for each user
It’s important that software providers have accreditations like Cyber Essentials Plus. Ideally businesses would also invest time into making sure their teams understand the risks and types of threats that can occur – the telltale signs of phishing emails, the tricks of social engineering, and the risks found in clicking links and opening unprotected documents.
With Re-flow, companies across UK infrastructure are bringing their field operations into a single dedicated platform that covers all their compliance requirements – including those related to cyber security.
Firms like M.V. Kelly currently send 15,000 forms, 18,000 images, and capture 10,500 signatures on average every month using the software, helping to build audit trails, data insights, and KPIs that are stored on a secure, reliable system that operates around the clock with no downtime.
