Bridewell research reveals the toll of economic uncertainty on the transport and aviation sector, with employee sabotage, ransomware, and reduced cyber budgets emerging as top security threats.
Reading, UK – Wednesday 14th June 2023 – Almost four in ten (38%) UK transport and aviation organisations anticipate a rise in cyber crime as a direct result of the current economic crisis, according to new research by leading cyber security services firm Bridewell.
The ‘Cyber Security in CNI: 2023’ research report, which surveyed cyber security decision makers across UK critical national infrastructure (CNI), including utilities, finance, government, communications, and transport and aviation organisations, found that cost-of-living security concerns are particularly high in the UK transport sector. Over a fifth (22%) of organisations now rank employee sabotage among the biggest risks to their IT environment, reflecting broader fears as energy inflation triggered by the Russia-Ukraine war spikes fuel prices and stunts employee wages.
With rising bills putting transport workers under increased financial strain, security incidents relating to employee sabotage have already surged by 180% over the last 12 months, threatening companies once every 13 days, compared to less than once a month in the previous year. This reflects a longer-term rise in cyber security risk from insiders (both malicious and negligent) over the past three years, with almost three-quarters (72%) of transport decision makers reporting an increase in insider threats since 2020.
Ransomware and other social engineering tactics are also rife in the transport sector, with organisations suffering an average of 28 ransomware-related security incidents a year, up 250% from 2022. Employees struggling with the current cost of living could be more susceptible to these attacks, as criminals seek to exploit financial fears to gain access to critical transport data and systems.
Social engineering tactics deployed by cyber criminals such as Business email compromise (BEC) attacks, a phishing scam that costs UK companies around £140 million in losses each year, is now impacting transport and aviation organisations over once a month on average, a much higher rate than for any other CNI sector.
However, after a period of increased security spend last year, 73% of transport organisations are now seeing a reduction in their security budgets due to the economic downturn, potentially opening the sector to more insider threats at a time of heightened risk.
Craig Moores, Principal Lead Consultant at Bridewell, commented: “Insider sabotage and ransomware threats have been prevalent across the transport and aviation sector, but current economic pressures are leading to increased efforts amongst criminals to target the vulnerabilities of both organisations and their employees in order to disrupt the UK’s travel network. With a focus on reducing financial overheads, minimising security budgets is the wrong approach for transport companies, as it will only exacerbate the dangers. The sector needs to continue investing in strengthening its cyber defences from the inside out, encompassing robust monitoring and testing of systems and access controls, proactive threat detection and response, and supported by the continuous education and training of employees to raise awareness of cyber security best practices.”