13 Jul Brexit implications for IT Security
In the world of cybersecurity it is often said that “chaos breeds opportunity”. Well nothing has caused more chaos within the last 12 months (by anyone not named Donald Trump) than Britain’s departure from the European Union (EU), colloquially known as Brexit.
While Britons and Europeans alike are holding out their hands and shaking their heads, cybercriminals have been hard at work. Capitalising on the confusion set about by the Brexit, criminals have been spamming email boxes since the decision, that the UK is saying farewell to the EU, was first announced. This meant that these criminals were organised, had everything laid out in the event that an exit was announced (although they most likely had a plan laid out if the UK stayed as well), and they are continuously monitoring the news and social media to craft convincing emails with an organic feel.
Throughout the digital age, the incidences of cybercrimes spikes directly after some sort of natural disaster or global event (think 9/11 and the tsunami that devastated southeast Asia). With messages, email and correspondences flying back and forth between multiple sources, it is easy for anyone to open an interestingly titled and worded email, and maybe even download the attachment at the bottom. These phishing emails are one of the main tools deployed in a cybercriminals arsenal during this time of uncertainty, hysteria and want for information.
To make matters worse government and law enforcement agencies on both sides of the English Channel now find themselves more at odds with each other than with criminals.
Take prosecution and extradition for example. If a cyberattack occurs on British soil, but the attacker was traced to an EU country, the UK will find it much more difficult to not only extradite the criminal but also prosecute them as well. The sheer amount of paperwork, bureaucracy and red tape that must be navigated alone is mind-boggling enough. Let alone trying them for the crime in a court of law.
Adding salt to the wound, the Brexit means that the UK will not be able to dip their fingers into the funds set aside by the EU for the betterment and advancement of cybersecurity. The fund rings in at a whopping 1.8 billion Euros (yes, that’s billion with a B), with 450 million Euros of that fund earmarked for research and development. This means that UK business which include corporations, hospitals, universities and government agencies will miss out on a much needed budget boost. The fact of the matter is that the attacks mentioned above are just the tip of the iceberg. It has been noted that within the past 12 months 80% of EU business (this included business from the UK at the time), have been hit with a hack, breach or cyberattack. Let this sink in for a moment. This means that in a room of 10 business owners, 8 have had to face the consequences of poor cybersecurity measures. But don’t think that those remaining 2 business owners are any safer, as this year it has been observed that cyberattack incidences have already increased by 38%. Probably bolstered by their previous success and using the diversion of the Brexit as a smokescreen, criminals are stepping up their game to claim the rest of the bounty.