Cyberattacks are mounting, pushing more people to think more about cyber resilience and how well the UK is equipped to deal with large-scale cybersecurity incidents. The risk is especially high when considering Internet of Things (IoT) devices, as increased connectivity makes it easier for threat actors. Andy Norton, European cyber risk officer at Armis tackles the perception of cybersecurity in the UK.
With so many cyberattacks hitting governments, schools, factories, and organizations, people are waking up to the imminent threat we are all facing. It has pushed people to think more about cyber resilience regarding their own best practices and that of the government in the UK. But, how well is the UK equipped to deal with large-scale cybersecurity incidents? How do people manage on an individual level? And, what is the awareness when it comes to cybersecurity in the first place?Â
This risk is higher when considering Internet of Things (IoT) devices. Increased connectivity makes it easier for threat actors to gain unauthorized access and move across devices and networks laterally. Â
The UK’s cyber-resilience
A recent surveyOpens a new window looked into the thoughts of 2,000 UK workers to gather insights into their attitudes on cybersecurity and how they view the country’s cyber resilience. Unsurprisingly, the research found that cybercrime is blighting the everyday activity of UK workers. More than 4 in 5 workers (82%) revealed they had been affected by some sort of cyberattack, be it a phishing attack on themselves or their employer (27%), a data breach (23%), or a malware attack (20%). To add to this, just over a fifth (21%) of UK workers believe that a large-scale cyberattack on national infrastructure is equally as worrying as the UK going to war. Consequently, most workers want their employers and the government to emphasize cybersecurity within their organizations in the form of mandatory cybersecurity training or employing a Minister for Cybersecurity.Â
Despite the general worry about cyber threats, there is still a prevailing lack of best practices to lower the risk of attack. The research has shown that organizations must do more to protect their staff and enforce the usage of security tools. Only 27% of workers were aware of their organizations’ security risks and adopted the appropriate best practices to address this. In addition, 11% aren’t worried about cybersecurity as they believe it doesn’t affect them and is someone else’s problem.  Â
Even though awareness is slowly rising, and people are beginning to acknowledge the importance of cybersecurity, workers are still reluctant to pay for services to secure their data and devices. Only 1 in 5 respondents admitted to paying for online security products such as anti-virus software or password managers, while 1 in 3 paid for home security. This becomes highly dangerous regarding the devices that workers use and how they use them. Â
See More: 4 IoT Trends Developers and Designers Should Watch Out for in 2022
IoT security and readiness
While the threat of cyberattacks targeting the Internet of Things is rising, it hasn’t significantly impacted UK workers – yet. Considering the lack of awareness and best practices regarding devices, UK organizations are vulnerable to being targeted by threat actors looking for an easy way into the network. Many organizations don’t have the correct policies and processes to secure their employees’ devices and defend themselves against the risk of IoT-based attacks. To put it into perspective, 99% of workers use connected deviceOpens a new window s to work from home, a vast majority of these being personal devices rather than ones given to them by their organizations. 61% intend to take their devices into the office when they return, and 25% don’t have any policies in place to secure these devices. This puts organizations at risk of attack, as threat actors can use an employee’s personal device to gain access to the entire company network to launch more significant attacks, steal data and wreak as much havoc as possible. Â
See More: 7 Top IoT Security Trends and Predictions for 2022
Looking to the future: How can the UK improve its cyber-resilience?
Unfortunately, cybersecurity isn’t a priority for many UK workers. This is often due to a lack of emphasis from a government or legislative perspective. Despite a general lack of best practices, UK workers have been concerned about increasing cybercrime’s impact on the country. 87% recognized that cyberattacks could majorly affect everyday life if they hit critical infrastructures, such as emergency services, healthcare, oil and gas, and water treatment supplies, some of which we have already witnessed in the past year. More than 1 in 5 (20%) of respondents believe a serious cyberattack to be a significant worry, being most concerned about Russian-backed cybercriminals. At the same time, other threats include financially motivated hackers and Chinese-backed cybercriminals. Â
That being said, the majority of those surveyed don’t see cybercrime as part of the top three threats facing the country, which are economic recession (54%), another pandemic (50%), and climate change (48%). In reality, many UK workers who take cybersecurity seriously only do so because their employers have mandated it. Hence, organizations must do more to provide user-friendly tools to keep their employees secure and to help them understand the risk exposure. Â
Organizations can do this by implementing cybersecurity training on best practices and providing robust security software such as antivirus, firewalls, multi-factor authentication, and VPNs. Indeed, 35% of workers rely on information about the latest cybersecurity trends and threats from their employers. As such, it would go a long way for companies to begin cybersecurity training and awareness to foster a strong cybersecurity culture from the ground up. The UK has already started emphasizing cybersecurity with the new national cybersecurity strategy. However, two in five (40%) UK workers would like to see more focus on this issue, specifically in the form of free resources to improve cybersecurity savviness. They also want to see more investment in cybersecurity education at secondary and primary school levels and a provision of grants and vocational training to encourage students to pursue a career in cybersecurity. Â
Ultimately, improving the country’s cyber resilience is a complex, multi-faceted issue that requires more awareness and input from various sources. By putting more funding toward and focusing on the growing issue of the cyber threat landscape and its risks, the UK government, organizations, and educational institutions could significantly help in combating cybercrime. With growing awareness and understanding, the UK population would be better equipped to deal with potential cyberattacks and implement best practices to prevent severe damage. Individual workers must also take responsibility for themselves by looking beyond national news headlines to understand the threats facing them and how they could be putting their organization in danger with bad security practices. They can take steps to ensure their devices are updated, install the latest security patches, secure their accounts and devices with strong passwords and multi-factor authentication, avoid insecure links, and avoid public Wi-Fi networks wherever possible. Nonetheless, this type of individual action will only come to fruition with a consensus on cybersecurity from legitimate institutions. This is why it is so important for employers, especially, to push for a strong cybersecurity culture within their organizations by having strong measures in place to protect their employees.Â
Did you find this article helpful? Tell us what you think on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d be thrilled to hear from you.
MORE ON IOT SECURITY: