CFC boss reinforces cyber security importance as “the majority of successful cyber breaches result from criminals preying on human weakness”

Brits have been urged to apply steps to stay safe online after results of the UK Cyber Survey exposed exploitable gaps in their personal security knowledge.

The findings, released ahead of the National Cyber Security Centre’s (NCSC) CyberUK 2019 conference in Glasgow this week, will inform government policy and the guidance offered to organisations and the public.

Amongst the results were that:

  • Only 15% say they know a great deal about how to protect themselves from harmful activity
  • The most regular concern is money being stolen – with 42% feeling it likely to happen by 2021
  • 89% use the internet to make online purchases – with 39% on a weekly basis 
  • One in three rely to some extent on friends and family for help on cyber security
  • Young people more likely to be privacy conscious and careful of what details they share online
  • 61% of internet users check social media daily, but 21% report they never look at social media
  • 70% always use PINs and passwords for smart phones and tablets
  • Less than half do not always use a strong, separate password for their main email account

The NCSC has also today published separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches. 

The results show a huge number of regularly used passwordsbreached to access sensitive information.

Most used in total Names Premier League football teams Musicians Fictional characters
123456 (23.2m) ashley (432,276)

liverpool (280,723) blink182 (285,706) superman (333,139)
123456789 (7.7m) michael (425,291) chelsea (216,677) 50cent (191,153 naruto (242,749)
qwerty (3.8m) daniel (368,227) arsenal (179,095) eminem (167,983 tigger (237,290_
password (3.6m) jessica (324,125) manutd (59,440) metallica (140,841) pokemon (226,947)
1111111 (3.1m) charlie (308,939) everton (46,619) slipknot (140,833) batman (203,116)

Major risk can be avoided

Dr Ian Levy, NCSC technical director, said: “Password re-use is a major risk that can be avoided - nobody should protect sensitive data with somethisng that can be guessed, like their first name, local football team or favourite band.

“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”

Margot James, Department for Media, Culture and Sport’s digital and creative industries minister, said: “Cyber security is a serious issue, but there are some simple actions everyone can take to better protect against hackers.

“Cyber breaches can cause huge financial and emotional heartache through theft or loss of data which we should all endeavour to prevent.”

Reduce the risk by building awareness

The NCSC hope to reduce the risk of further breaches by building awareness of how attackers use easy to guess passwords, or those obtained from breaches and help guide developers and System Administrators to protect their users.

Troy Hunt said: “Making good password choices is the single biggest control consumers have over their own personal security posture.

“We typically haven’t done a very good job of that either as individuals or as the organisations asking us to register with them.

“Recognising the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”

Implications on a commercial level

CFC Underwriting’s chief innovation officer, Graeme Newman focussed on the implications a weak password may have on a  business’ vulnerability.

He said: “The majority of successful cyber security breaches result from cyber criminals preying on human weakness, so these findings reinforce the importance of taking cyber security seriously.”

“However, if you compare individuals to businesses, most are only risking their own security whereas businesses are responsible for protecting other people’s information and money so it’s even more important for them to take cyber security seriously.

“Because of the value of the data they hold and the volume of high value transactions they make, they have become more attractive targets than individuals.

Newman claims that cyber insurance claims rates have “more than doubled” in the past couple of years, revealing that CFC paid over 1,000 cyber claims in 2018.

We need more than just stronger passwords

He believes that simply having a stronger password as a business employee is not good enough. And feels stronger security measures must be adopted across the commercial space.

He said: “Although the report points to strong passwords as being critical for individuals, for businesses this is simply not enough. Without multi-factor authentication in a corporate environment you’re almost certain to get hacked.

“Another perhaps more shocking statistic from the report is that only 29% of people said they back-up their most important data. With the huge rise in ransomware that we’ve seen in the last two years this is a major problem – one that we’ve seen reflected in many small businesses.

“The lack of offline back-ups can increase the costs of a malware or ransomware event exponentially. Unfortunately the rise of online back-up services such as iCloud has led to complacency about this essential piece of cyber security hygiene.”