Devices such as smartphones, fitness trackers, TVs and watches could hold people to ransom over their data, according to a new report from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).
The new report says the cyber threat to UK business is “significant and growing” as the rise of internet connected devices gives attackers more opportunity.
It forecasts that ransomware attacks will target devices containing photos, emails and even fitness information. According to Gartner, as many as 21 billion devices used by businesses and consumers around the world are predicted to be connected to the internet by 2020.
“This data may not be inherently valuable, and might not be sold on criminal forums but the device and data will be sufficiently valuable to the victim that they will be willing to pay for it,” says the report.
The impact of attacks on smaller businesses is often disproportionate to technical skill, as easy access to cyber capabilities such as ransomware and DDoS is becoming more prevalent. A key problem is that there is no clear understanding of the true scale and cost of cyber attacks to the UK as these are under-reported.
Donald Toon, director for economic and cyber crime at the NCA, said: “Businesses reporting cyber crime is essential if we are to fully understand the threat, and take the most effective action against it.”
The report notes that the last year “has been punctuated by cyber attacks on a scale and boldness not seen before.”
Over the three months since the NCSC was created, the UK has been hit by 188 high-level attacks which were serious enough to warrant NCSC involvement, and countless lower level ones.
Ciaran Martin, chief executive of the NCSC, said: “Cyber attacks will continue to evolve, which is why the public and private sectors must continue to work at pace to deliver real-world outcomes and ground-breaking innovation to reduce the threat to critical services and to deter would-be attackers.”
The report has been published today as the NCSC hosts ‘CyberUK, a cybersecurity conference in Liverpool.