The University of Southampton
×
Electronics and Computer Science

Helping companies beat cybercriminals

Companies are going out of business all over the world because of cybercrime. UK government statistics published in 2015 showed that 90 per cent of large organisations and 74 per cent of small- to medium-sized enterprises (SMEs) in the UK reported a cyber security breach in 2015. For the most severe breaches, the costs can exceed £3m for large companies and £300,000 for SMEs.

Dr Gary Wills, Associate Professor in Computer Science, leads a team of researchers who work in the field of secure systems engineering – looking at the way secure systems such as cloud-based systems, the ‘internet of things’ and cost-effective protection for SMEs are designed, implemented and used.

The team use computer simulations and mathematical models to develop tools to help organisations test how secure their systems are. As well as looking at the systems themselves, they work with owners and employees of SMEs using surveys to glean the latest information on current cyber security in SMEs. Using these methods, they are helping organisations protect their data, deal with a cyber security breach and find out how the breach occurred so they can improve their systems to prevent similar attacks in the future.

“A fundamental problem is that the internet was built on a non-secure platform, with an ethos of openness – but now that we rely on it to store so much confidential data, it is vulnerable to cyberattack,” says Gary. “Our research focuses on helping SMEs, as they often don’t have a sophisticated IT department with the expertise to protect their online assets.”

Building secure systems that aren’t easily hacked is vital for the future of the global digital economy. “Laws are changing and a serious breach in privacy can result in a company being fined a 10th of their turnover.” And, without sophisticated systems, many small businesses don’t detect a cyber fraud for around 18 months, during which a lot of damage can be done.

“Imagine if you were to leave your house with all the windows open and you put the front door key under the mat on your front step. You shouldn’t be too surprised if your valuables go missing. However, often people – and companies – don’t change the default passwords (‘door key’) or close the unused ports on their server (‘windows’),” says Gary. “Through our research, as well as improving the systems, we are informing companies of the importance of carrying out these fundamental security checks.”