As the Cyber Resilience Centre for Wales (WCRC) welcomes its first anniversary as a cyber resource offering guidance to more than 330 Welsh businesses, the centre warns that the grip of cybercrime is only set to get tighter if companies do not build further defences to keep threats at bay.
Director of the WCRC, Detective Superintendent, Paul Peters, says: “We have identified that over the last 12 months, the most common attack attempt experienced by our members is phishing. We have seen the emergence of Welsh language phishing emails¹, and increasingly sophisticated and targeted attacks on businesses and charities.
“In 2021 phishing accounted for 83% of businesses (87% of charities) that identified a breach or attack on their organisation. There were also over five billion recorded breach, and many of these will have been as a result of a phishing email, so this really highlights the importance of staff awareness and the critical role everyone plays in recognising this type of attack.”
The WCRC is already supporting more than 330 members, making significant inroads across the Welsh business landscape in driving awareness of cybercrime. Paul continues: “At the WCRC, we want organisations to take an active approach to improving their cyber resilience, taking simple steps such as improving password security, using anti-virus, backing up date, putting in place an incident response plan to become embedded in an organisation’s culture.”
Worryingly, cyber-attacks are on the increase and, as recently reported in the Cyber Breaches Survey- which is conducted on behalf of the UK Government – in last twelve months alone, four in ten businesses and three in ten charities have reported being a victim of a cyber threat.
It also found that smaller organisations took little proactive action on cyber security, driven by a lack of internal knowledge and competing priorities with their budgets. With 99% of Welsh companies operating as SMEs and micro-businesses, cybercrime poses a huge risk for many across the region and it’s these more vulnerable companies that the WCRC works hard to protect.
Looking ahead, the WCRC’s role will become even more crucial to Welsh businesses as a resource. Cybercrime has been increasing significantly since 2019, and there seems to be no let up on this rising trend. Paul believes that cyber-attacks will continue to evolve and diversify over the coming years, with ransomware being the preferred method of attack.
He adds; “We have seen a number of instances where the cybercriminal has exploited weaknesses in the supply chain to target an organisation, and I can only see this trend increasing. An organisation may have strong cyber security in place, but they are potentially as vulnerable to an attack as their weakest supplier if they do not monitor their supply chain This is where having Cyber Essentials² is so valuable, as it certifies that an organisation has put measures in place to defend against the vast majority of common cyber-attacks.”
Paul concludes: “We are thrilled to be celebrating our first anniversary. This is a significant landmark for any new venture, and with our membership figures climbing steadily we know that we are making great inroads into providing key knowledge of cybercrime and the serious threat it poses.
Chief Constable Pam Kelly said; “Offering practical support to Welsh businesses to protect themselves from cyber-crime is crucial. I’m proud to be part of the WCRC and immensely supportive of the progress that we have made in the first year. WCRC brings together technical expertise and skills from industry and policing to use our knowledge and skills to protect ourselves from the emerging cyber-crime trend and I would encourage business leaders to join us in protecting themselves.”
The WCRC offers a variety of support in the form of membership packages, starting with free ,membership as well as a number of additional services that offer companies training and assessments in cyber security.
1 - A cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
2 - Cyber Essentials - A UK Government-backed self-assessment certification that helps you protect against cyber-attacks while also demonstrating to others that your organisation is taking measures against cyber-crime.