About Us
Established in Newport in 1869 to help local people build homes, we now help people across Wales and England buy properties and save for their future.
< !--Created with SVG-edit - https://svg-edit.googlecode.com/ --> Find out more
11 Jun 2024

Tackling cyber security in Wales

In today’s digital world, cyber security is more important than ever.

Half of businesses (50%) and around a third of charities (32%) in the UK report having experienced some form of cyber security breach or attack in the last 12 months.

In 2020 Monmouthshire Building Society became a founding partner of the Cyber Resilience Centre for Wales (WCRC), in a bid to protect our and other businesses from cyber threats.

We caught up with the WCRC’s Director, Detective Superintendent Paul Peters, to learn more about the centre and the cyber resilience support it provides to businesses so they can be better protected against cyber criminals.

 

Can you tell us about the WCRC – what is it and what is its role?

The Cyber Resilience Centre for Wales is a partnership between policing, the private sector and academia, which aims to support businesses, charities, and organisations across Wales to become more resilient to cyber-crime. With cybercrime and fraud rising year after year, policing has set up a network of Resilience Centres across England and Wales to help organisations understand the threat and take steps to reduce their vulnerability to attacks. The centre is run by police, working closely with partners, and has a particular focus on supporting micro businesses, SMEs and third sector organisations.

How can you help small businesses in Wales?

We can help in several ways. The first is by providing a member’s welcome pack which contains useful guidance to help organisations become more cyber resilient. The guidance explains how to take simple steps to improve security and reduce the chance of becoming victim to a successful cyber-attack. A free 30-minute review can also be booked in with the centre on current cyber set ups.

After joining, members receive a monthly newsletter, and we also offer a range of affordable cyber services and training via the Cyber PATH programme. Cyber PATH works closely with universities to recruit a unique and talented group of students, who work alongside senior cyber security practitioners and police officers to deliver high-quality, tailored, and affordable cyber resilience services to smaller organisations. The services include vulnerability assessments, staff awareness training sessions, policy reviews and corporate discovery, which are all delivered in an easy-to-understand way.

Larger organisations which may already have a strong cyber security posture are often concerned about supply chain attacks, and we can help by highlighting the importance of having a strong cyber security culture and supporting those supply chain businesses to become more resilient.

 

Why is cyber security important?

The cyber-crime threat continues to grow, costing the UK economy £27 billion a year, and Action Fraud recorded 16,733 reports of fraud and cyber across Wales in the last twelve months with £59.7 million reported losses. The Cyber Security Breaches survey (2024) identified that half of businesses (50%) and around a third of charities (32%) report having experienced some form of security breach or attack in the last twelve months. The impact of a successful cyber-attack can be devastating. It can lead to significant financial loss, reputational damage, Information Commissioner’s Office fines, costly remedial action and not forgetting the impact on individuals.

Yet, often basic measures could have prevented a successful attack, for example a strong password policy and implementing multi-factor authentication can significantly reduce your vulnerability. Informing staff of the importance of these measures and providing them with the knowledge to recognise phishing emails, helps make your business more resilient to the regular attacks that we see.

 

What are the biggest cyber security challenges facing Welsh businesses now?

One of the biggest threats is from phishing, which is often in the form of an email, but we also see them as messages and texts. In the past, phishing emails were often easily recognisable, containing poor grammar and spelling mistakes, but these have become more sophisticated, with criminals researching freely available information to create credible phishing emails, and with the introduction of Artificial Intelligence, these will only become more difficult to spot.

By falling victim to a phishing email, you may have your account credentials compromised, which could lead to sensitive data being stolen, your account being compromised, or malware being downloaded. By clicking on a malicious link, you could potentially become victim to a ransomware attack, where all your data is encrypted and to get the encryption key you are required to pay a ransom to the criminals.

But one of the challenges that we have at the WCRC is to persuade small and micro businesses that they are genuinely at risk and the impact an attack could have on their business continuity. To quote one micro business ‘I’m a one-man band down in West Wales, who is going to attack me?’ Three months later that business had all its files encrypted by ransomware. So, the key message is that business owners need to seriously consider their cyber security and recognise that often the reason for an attack is a vulnerability, not the geographic location or business sector.

 

What are the benefits of being a member?

By joining WCRC, you will be able to access many valuable resources, guidance, training, and support for all things cyber. Moreover, you will be joining a network of like-minded business owners who are committed to reducing online risk. We regularly host events and seminars and share local, national, and international cyber threats and trends. In addition, membership allows you to learn how to procure private sector cyber security products, services, or resources. The WCRC is a trusted resource and a straightforward place to find IASME-approved Cyber Essentials and Cyber Essentials Plus Certifiers in your region.

 

How do businesses get involved?

Very simply, visit our website at www.wcrcentre.co.uk and sign up for our free membership or get in contact with us at enquries@wcrcentre.co.uk