Brexit presents a unique opportunity for hackers as, similarly to con men, they thrive on confusion and chaos – something that today’s political uncertainty provides in spades.
Most people think of hacking as using malicious code for some nefarious purpose – be it stealing data or installing malware – but many often forget that in order to upload this malicious code, these hackers must first gain entry to a private network. Cyber-criminals therefore, need the confidence of those with access to critical data, which is where Brexit comes in. Clearswift’s recent research, which polled IT decision-makers in enterprise organizations, found that 53% of firms see Brexit as a direct threat to their cybersecurity and have increased their security spending as a response.
The data shows that respondents identified a number of significant cyber threats to their organizations including: malware (49%), phishing attacks (40%) and ransomware (40%), and expect these to increase in the run up to Brexit. Whilst these are not new threats in the cyber landscape, Brexit uncertainty has made them more prevalent. How does Brexit make the process of hacking any easier?
Hackers may use the confusion surrounding Brexit and the disorganized response to their advantage in a number of ways. One method would be to pose as a regulatory agent or consultant, exploiting the desire of these firms to keep abreast of any compliance change resulting from Brexit. To achieve their aim of infecting the network, the cyber-criminal may hide malware or ransomware in informative documents that supposedly assist in compliance efforts which, when opened, can then go on to steal data from an organization.
Alternatively, a cyber-criminal could pose as a wing of a governmental body facilitating Brexit to engage employees in a phishing or Business Email Compromise (BEC) attack, coercing individuals into voluntarily releasing critical data, such as payment information or intellectual property. For example, employees within the manufacturing industry stand to be a prime target of a phishing or BEC attack around Brexit, as much of their work is reliant on the management of information across supply chains.
In having to ensure all parties within the supply chain have the right information, and with Brexit introducing new processes for overseas communication, employees could easily and accidentally fall victim to sharing critical information with a hacker rather than a supplier.
The good news, however, is that Clearswift data shows that organizations are acutely aware of what solutions need to be invested in to offset these threats. The largest investment areas for cybersecurity were identified as data loss prevention technology (49%) regulation compliance solutions (49%) and security for the endpoint (40%). All of these solutions align with the threats identified by firms as being the greatest danger to cybersecurity.
It is imperative that firms have software capable of addressing these evolved threats. Firms must employ a suite of tools designed to protect critical data and ensure compliance with changing regulations, whilst still providing protection from threats such as malware, phishing and illicit data transfer.
As well as spending on software solutions, firms need to allocate investment and resources to training employees. Workers need to be able to recognize the myriad forms of hacking, as well as be capable of detecting any threats and know how to respond accordingly. This will allow firms to detect, identify and address the cyber risks that will arise as a direct result of the confusion that surrounds Brexit.
At times of great change there is always confusion, and at times of great confusion there are always opportunists seeking to exploit it. The key to securing any company from the threats that will arise because of Brexit is to be prepared. Increasing cybersecurity budgets that can ensure an organization has advanced tools and the right resources it needs to fight against potential threats is huge a step in the right direction.