Act now before it’s too late
Jonathan Sharp is CEO of Britannic Technologies
This year cybercrime has been like a tsunami taking down several well-known enterprises including Jaguar Land Rover, M&S, Harrods, Co-op, Renault and even a nursey, Kido. Costing companies billions, having to reduce staff and putting some suppliers out of business.
Cybercrime is now a national emergency and the National Cyber Security Centre (NCSC) and the National Crime Agency announced they cannot fight cybercrime alone, putting the onus on businesses and organisations to secure their systems and data, and prioritising cybersecurity as a critical agenda item, embedding it into every decision they make.
The frightening and alarming aspect is that cybercriminal groups like Scattered Spider and Scattered Laspus$ Hunters consist of teenage hackers, some from the UK. The cybercrime business model is successful and profitable, and the lure of making a lot of money and the kudos received is too tempting for some of the Gen Z to resist.
But the crimes will NOT stop unless we educate young adults of the dangers of cybercrime, companies stop paying the ransoms and businesses ensure that its cybersecurity strategy is top of their agenda.
Dr Richard Horne, CEO of National Cyber Security Centre stated, “All organisations need to see this as a wake-up call to understand what their exposure is to cyber-attacks, to ensure they’ve got the right defences in place, and to make sure they’ve got a plan to be able to continue operations and recover should they be hit by a cyber-attack.”
Don’t pay up
The National Cyber Security Centre (NCSC) and the National Crime Agency advise businesses not to pay the ransom because it encourages cybercrime and the criminal’s win. In January 2025 the government proposed a ban on the public sector organisations from making ransomware payments. However, this is a very grey area littered with loopholes especially if it is extended to the private sector.
Businesses that suffer from a cyber-attack demanding for ransomware often contact their insurance provider and/or the NCSC so they can negotiate a cheaper ransom. It’s a catch 22 if they don’t pay up and can’t operate then will the government support them to get back? If not, then they may have no option but to pay up.
It is vital to build a culture where employees feel compelled but comfortable to report any suspicious activity
Social and economic problem
It is critical that the government, education institutions and businesses collaborate on the education and awareness of how to stop cybercrime.
Research from Oxford University compiled the first ever ‘World Cybercrime Index’ identifying key cybercrime hotspots by ranking the most significant sources of cybercrime at national level. The greatest cybercriminal threats were Russia at the top of the list followed by Ukraine, China, USA, Nigeria and Romania.
However, it has recently transpired that groups of teenagers and twentysomethings from the UK are cyber criminals. So, this is a now a home-grown problem that we must tackle.
Education is key
It is no surprise that cyber criminals are teenagers and in their early twenties, these digital natives spend hours gaming and online which can be gateway to the dark web and hacking subcultures. Hacking tools, malware and phishing tutorials are easily available on the dark web along with subscriptions to a cybercriminal network that for a monthly fee provides access to data from leading companies and organisations.
The kudos and lure of making a lot of money attracts the teenagers but the reality of the crime they are committing is not realised because in the digital world it feels ureal and less serious. They are duped that they won’t be caught as its anonymous, but the reality is it is very serious, and they will go to prison for their crimes.
Young people need to be educated of the dangers of cybercrime and taught cybersecurity and ethical hacking. Talking about the dangers of cybercrime and showing them case studies of the perpetrators that got caught and went to prison. This needs to be actioned now with secondary schools, colleges and universities working together with government organisations such as the National Cyber Security Centre and the National Crime Agency.
Making cybersecurity jobs cool, glamorous and exciting informing the young people they can have well paid careers as spies for nationally recognised organisations. The 007s of the cyber world.
Education institutes can work with the government and industry to create competitions, work experience and apprenticeships. The National Cyber Security Centre have started an initiative called CyberFirst a programme creating opportunities to help young people explore their passion for cyber and emerging tech.
Offering university bursary scheme, competitions and free events and courses, partnering with schools and colleges across the UK with the intent to educate children in cybersecurity which will hopefully lead to a career in cybersecurity, and attracts local industry to offer work experience and apprenticeships.
These measures are critical to close the digital skills gap which is significant regarding cybersecurity. In 2024 the Government issued a report stating that 32% of businesses and 40% of charities lacked confidence in dealing with cyber security breaches or attacks and had not outsourced this function.
Thinking and operating differently
To fight cybersecurity, we all must change the way we think and operate in everything we do online and with technology. We need to be agile, flexible and have an open mind on learning new methods of operating and working, and we can never sit still.
It has been suggested that supply models such as ‘Just in Time’ may have to change to leaner models because if a company is hacked then the disruption to the supply chain is massive, resulting in the companies not being able to get stock.
Act before and not after
Companies and organisations need to secure their technology, people and processes from cybercrime before it happens by implementing a secure IT network and business continuity strategy. So, if a cyber-attack does occur, they can act either before it happens or immediately when it does and carry on as business as usual without facing massive consequences.
Top tips for how business can secure against cybercrime
Cybersecurity is not an optional spend for businesses it is now a critical matter of survival protecting your business, people and reputation of a cyber breach. It is no longer the sole remit of the IT department, everyone in the company from the CEO down should be accountable for cybersecurity. Security needs to be embedded into the culture of the company and to ensure it is employees need to be educated on cybersecurity.
Education and awareness
Human error accounts for a staggering 95% of cyber related incidents (Mimecast 2025) so it is imperative that employees are trained regularly on how to be cyber secure. Training them through workshops and courses using phishing simulations where companies send employees fake but realistic phishing emails to test their ability to recognise threats and how they respond to it.
Teaching employees about not to click on links, input passwords from phishing emails and messages, creating weak passwords and overall poor security hygiene.
It is vital to build a culture where employees feel compelled but comfortable to report any suspicious activity.
Robust passwords
The easiest way for cybercriminals to hack into your network is through weak or repeated passwords. Enforce a rule where all employees must use complex and unique passwords with a combination of upper and lower case letters, numbers and symbols to keep out the cybercriminals. Provide a password manager on your systems to avoid employees having to remember them and make them more secure.
Multi Factor Authentication (MFA)
For an additional security layer incorporate a multi facto authentication (MFA) for a second verification step, this could be a code that is sent to their mobile phone or an authenticator application. Research from Microsoft shows that an MFA can block more than 99.2% of cyber-attacks.
Secure devices
It is also critical not to leave work devices unattended in a public place, use a public Wi-Fi connection and in the office, employees need to ensure screen locks are activated. Protect all devices with encryption and have the ability to wipe data if they are lost or stolen. If employees use their personal devices for work, then have robust BYOD policies in place.
Secure Wi-Fi networks
The Office for National Statistics reported that over a quarter of the UK workforce were hybrid working at the start of 2025 and with the rise in cybercrime a secure network is vital. Remote and hybrid workers should use a Virtual Private Network (VPN) so employees can connect securely making it harder for hackers. Without a VPN you are exposing yourself to an attack.
Update software and devices
If your software and devices are not kept to up to date then the cyber criminals will detect weaknesses in aged unpatched systems and devices. Businesses should run strict patch management policies, turn on automatic updates and implement reputable malware and anti-virus software.
Business continuity plan
Back up your data and follow the 321 rules where you have three copies of your data, stored on two different types of storage, one online and other offsite. Conduct tests regularly to ensure they can be restored and recovered should a disaster occur. A cybersecurity plan is evolutionary that requires constant updating, maintenance and changing.
AI for good
Investing in layered security with perimeters, secure endpoints and AI monitoring that can detect threats and anomalies in real time. Providing protection for employees and customers that can be actioned before an attack happens.
AI can also be used to detect deepfakes which are used by criminals in social engineering so deploying a solution that can identify these irregularities can stop a cyberattack in advance. It is vital that employees are trained on spotting these in links and emails etc.
Building trust
Customers, suppliers and partners want to do business with a company that is secure and resilient, someone who they can trust will look after their data and their affairs. This is also a legal requirement for GDPR requirements and Directors’ fiduciary duty. Solutions such as call and messaging branding build trust because customers see the call or text message are from you therefore know it is not a scam call or text and will answer it.
It is also paramount to have the latest and up to date security standard certifications such as ISO027001 and Cyber Essentials Plus certifications to build trust with all stakeholders.
Stake holder chain
The supply chain and customer environments are often one of the weakest links in cyber resilience. It is critical to perform rigorous audits and ongoing compliance monitoring to ensure they are safe and do not expose your business to a cyber-attack.
Protect yourselves
Beating cybercrime requires a collective collaboration between education institutions, parents, the government and businesses which will take time. But you don’t have time, so it is up to you to protect your business from an cyberattack ensuring you have the latest AI real-time cybersecurity network and solutions in place to protect your business, people and technology. Don’t be a victim to cybercrime and act now before it’s too late for your business and your reputation. Some recover but some don’t!
