Internet Security

Deepfake Ransomware Threat Highlighted 

Multinational IT security company ‘Trend Micro’ has highlighted the future threat of cybercriminals making and posting or threatening to post malicious ‘deep fake’ videos online in order to cause damage to reputations and/or to extract ransoms from their target victims.

What Are Deepfake Videos?

Deep fake videos use deep learning technology and manipulated images of target individuals (found online), often celebrities, politicians, and other well-known people to create an embarrassing or scandalous video such as pornography or violent behaviour. The AI aspect of the technology means that even the facial expressions of those individuals featured in the video can be eerily accurate, and on first viewing, the videos can be very convincing.

An example of the power of deepfake videos can be seen on the Mojo top 10 (US) deep fake video compilation here: https://www.youtube.com/watch?v=-QvIX3cY4lc

Audio Too

Deepfake ‘ransomware’ can also involve using AI to manipulate audio in order to create a damaging or embarrassing recording of someone, or to mimic someone for fraud or extortion purposes.

A recent example was outlined in March this year, when a group of hackers were able to use AI software to mimic (create a deep fake) of an energy company CEO’s voice in order to successfully steal £201,000.

Little Fact-Checking

Rik Ferguson, VP of security research and Robert McArdle, director of forward-looking threat research at Trend Micro recently told delegates at Cloudsec 2019 that deepfake videos have the potential to be very effective not just because of their apparent accuracy, but also because we live in an age when few people carry out their own fact-checking.  This means that by simply uploading such a video, the damage to reputation and the public opinion of the person is done.

Scalable & Damaging

Two of the main threats of deepfake ransomware videos is that they are very flexible in terms of subject matter i.e. anyone can be targeted, from teenagers for bullying to politicians and celebrities for money, and they are a very scalable way for cybercriminals to launch potentially lucrative attacks.

Positive Use Too

It should be said that deepfakes don’t just have a negative purpose but can also be used to help filmmakers to reduce costs and speed up work, make humorous videos and advertisements, and even help in corporate training.

What Does This Mean For Your Business?

The speed at which AI is advancing has meant that deepfake videos are becoming more convincing, and more people have the resources and skills to make them.  This, coupled with the flexibility and scalability of the medium, and the fact that it is already being used for dishonest purposes means that it may soon become a real threat when used by cybercriminals e.g. to target specific business owners or members of staff.

In the wider environment, deepfake videos targeted at politicians in (state-sponsored) political campaigns could help to influence public opinion when voting which in turn could have an influence on the economic environment that businesses must operate in.

Autonomous AI Cyber Weapons Inevitable Says Security Research Expert

Speaking at a recent CloudSec event in London, Trend Micro’s vice-president of security research, Rik Ferguson said that AI cyberattacks operated autonomously are an inevitable threat that security professionals must adapt to tackling.

If Leveraged By Cybercriminals

Mr Ferguson said that when cybercriminals manage to leverage the power of AI, organisations may find themselves experiencing attacks that happen very quickly, contain malicious code, and can even adapt themselves to target specific people in an organisation e.g. impersonating senior company personnel in order to get payments authorised, pretending to be a penetration testing tool, or finding ways to motivate targeted persons to fall victim to a phishing scam.

AI Vs AI

Mr Ferguson suggested that the inevitability of cybercriminals developing autonomous AI-driven attack weapons means that it may be time to be thinking in a world of AI versus AI.

Example of Attack

One close example given by Ferguson is the Emojet Trojan.  This malware, which obtains financial information by injecting computer code into the networking stack of an infected Microsoft Windows computer, was introduced 5 years ago but has managed to adapt and cover its tracks even though it is not even AI-driven.

AI Launching Own Attacks Without Human Intervention

Theresa Payton, who was the first women to be a White House CIO (under president George W Bush) and is now CEO of security consultancy Fortalice, has been reported as saying that the advent of genuine AI has posed serious questions, that the cybersecurity industry is falling behind, and that we may even be facing a situation where AI will be able to launch its own attacks without human intervention.

Challenge

One challenge to responding effectively to AI cyber-attacks is likely to be that cybersecurity and law enforcement agencies must move at the speed of law, particularly where procedures must be followed to request help from and arrange coordination between foreign agencies.  The speed of the law, unfortunately, is likely to be much slower than the speed of an AI-powered attack.

What Does This Mean For Your Business?

It is a good thing for all businesses that the cybersecurity industry recognises the inevitability of AI-powered attacks, and although it fears that it risks falling behind, it is talking about the issue, taking it seriously, and looking at ways in which it needs to change in order to respond.

Adopting AI Vs AI thinking now may be a sensible way to help security professionals, and those in charge of national security to focus thinking and resources on finding ways to innovate and create their own AI-based detection and defensive systems and tools, and the necessary strategies and alliances in readiness for a new kind of attack.

Student Textbooks Malware Threat

Kaspersky’s blog is warning students who are about to go back after the summer holidays to beware of the risk of malware that’s masked as textbooks and essays online.

Students Targeted

According to Kaspersky, K-12 and college students who may want to save money on textbooks by seeking online essays and study materials may end up unwittingly downloading malware instead.

A study by the security company of school and student-related filenames over the past academic year has revealed that out of 356,000 attempted attacks on Kaspersky users, 233,000 cases involved malicious essays that were downloaded to computers owned by more than 74,000 people (which the company claims its software blocked).

Kaspersky’s figures indicate that 122,000 of those attacks were by malware disguised as textbooks which more than 30,000 users tried to open.

Targeted Popular and Less Popular Subjects

The study revealed that cybercriminals haven’t just been focusing on popular subjects for attacks. For example, even though English textbooks hiding malware had 2,080 attempted downloads and maths textbooks hiding malware had 1,213 downloads, malicious textbooks for natural sciences also manage to fool 18 users.

The Four Most Popular Types of Malware

Kaspersky lists the four most popular types of Malware attacks disguised as online study materials as:

1. School spamming using the Stalk worm

This has claimed the greatest number of victims and is the preferred method by which the Worm.Win32 Stalk.a worm is spread.  Once downloaded to a school computer Stalk penetrates all devices that are connected to it, will infect USB sticks used by students, will spread across the whole network, can spread to the email contacts of students, and can download other malicious applications to the infected device

2. Win32.Agent.ifdx malware downloader

This downloader program is disguised as textbooks or essays in DOC, DOCX or PDF formats. Once launched it opens a text file so that the victim does not realise that anything suspicious is going on, but it is designed to download many other bad things onto the victim’s computer which can be modified to become cryptominers, banking trojans (to steal; bank details) and ransomware.

3. The WinLNK.Agent.gen downloader

WinLNK.Agent.gen downloader is hidden in archives e.g. zip or rar files and uses a shortcut to a text file to open the document itself and launch the attached malware components. This can result in cryptominers, adware, and more damaging programs being loaded onto and slowing down the victim’s computer.

4. The MediaGet torrent application downloader

This is disguised by ‘Free Download’ buttons and will download a torrent client that the user does not need.

What Does This Mean For Your Business?

Colleges and schools are known to be popular targets for cybercriminals because they have large numbers of users spread across many different departments, and sometimes across different facilities, making admin and IT security very complicated.  Also, valuable intellectual property, student and staff personal data, and the chance to use the processing power of many computers within their systems can make schools and colleges tempting targets for cybercriminals.

Part of the prevention of the kinds of attacks identified by Kaspersky can be achieved by educating students (and staff) about threats, and how to spot them and deal with them, as well as making sure that antivirus protection and patches are all up to date across school and college systems.

Kaspersky’s advice to students for avoiding the malware threat includes searching for in books you need in physical or online libraries, paying attention to what type of site is hosting the textbook download, not using outdated versions of operating systems and other software, being wary of email attachments (even those sent from acquaintances), and paying attention to the download file extensions e.g. don’t open .exe files.

Video Labelling Causes Problems

Google has already been criticised by some for not calling out China over disinformation about Hong Kong, but despite disabling 210 YouTube channels with suspected Chinese state links, Google’s new move to label Hong Kong YouTube videos hasn’t gone down well.

Big Social Media Platforms Act

Facebook and Twitter recently announced that they have banned a number accounts on their platforms due to what the popular social media platforms are calling “coordinated influence operations”. In other words, Chinese state-sponsored communications designed to influence opinion (pro-Beijing viewpoints) and to spread disinformation.  Twitter and Facebook are both blocked in mainland China anyway by the country’s notorious firewall but both platforms can be accessed in Hong King and Twitter recently suspended over 900 accounts believed to originate in China. The reasons for the suspensions included spam, fake accounts and ban evasion.

Google Labels Videos

Google’s response, which some critics have seen as being late anyway has been to add information panels to videos on its Hong Kong-facing site saying whether the video has been uploaded by media organisations that receive government funding or public funding.  The panels, which are live in 10 regions, were intended to give viewers an insight into whether the videos are state-funded or not.

Problem

Unfortunately, Google did not consider the fact that some media receives government funding, but are editorially independent, and the labelling has effectively put them in the same category as media that purely spreads government information.

Google and China

Many commentators have noted an apparent reluctance by Google to distance itself from the more repressive side of the Chinese state.  For example, Google has been criticised for not publicly criticising China over the state’s disinformation campaign about the Hong Kong protests.  Also, Google was recently reported to have a secret plan (Project Dragonfly) to develop a censored search engine for the Chinese market and it’s been reported that Google has an A.I research division in China.

Disinformation By Bot? Not

There have been fears that just as bots can be a time and cost-saving way of writing and distributing information, they could also be used to write disinformation and could even reach the point soon where they are equal in ability to human writers.  For example, the text generator, built by the research firm OpenAI, has (until recently) been considered to be too dangerous to make (the ‘trained’ version) public because of the potential for abuse in terms of using it to write disinformation.  In tests (the BBC, AI experts, and a Sheffield University professor) however, it proved to be relatively ineffective at generating meaningful text from input headlines, although it did appear able to reflect news bias in its writing.

What Does This Mean For Your Business?

The influence via social media in the last US presidential election campaign and the UK referendum (with the help of Cambridge Analytica) brought the whole subject of disinformation into sharp focus, and the Chinese state media’s response to the Hong King demonstrations has given more fuel to the narrative coming from the current US administration (Huawei accusations and trade war) that China should be considered a threat.  Google’s apparent lack of public criticism of Chinese state media disinformation efforts is in contrast to the response of social media giants Facebook and Twitter, and this coupled with reports of the company trying to develop a censored search engine for China to allow it to get back into the market over there means that Google is likely to be scrutinised and criticised by US state voices.

It is difficult for many users of social media channels to spot bias and disinformation, and although Google may have tried to do the right thing by labelling videos, its failure to take account of the media structure in China has meant more criticism for Google.  As an advertising platform for businesses, Google needs to take care of its public image, and this kind of bad publicity is unlikely to help.

Your Password Can Be Guessed By An App Listening To Your Keystrokes

Researchers from SMU’s (Southern Methodist University) Darwin Deason Institute for Cyber-security have found that the sound waves produced when we type on a computer keyboard can be picked up by a smartphone and a skilled hacker could decipher which keys were struck.

Why?

The research was carried out to test whether the ‘always-on’ sensors in devices such as smartphones could be used to eavesdrop on people who use laptops in public places (if the phones were on the same table as the laptop) e.g. coffee shops and libraries, and whether there was a way to successfully decipher what was being typed from just the acoustic signals.

Where?

The experiment took place in a simulated noisy Conference Room at SMU where the researchers arranged several people, talking to each other and taking notes on a laptop. As many as eight mobile phones were placed on the same table as the laptops or computers, anywhere from three inches to several feet away. The study participants were not given scripts of what to say when talking, could use shorthand or full sentences when typing and could either correct typewritten errors or leave them.

What Happened?

Eric C. Larson, one of the two lead authors and an assistant professor in SMU Lyle School’s Department of Computer Science reported that the researchers were able to pick up what people were typing at an amazing 41 per cent word accuracy rate and that that this could probably be extended above 41 per cent if what researchers figured out what the top 10 words might be.

Sensors In Smart Phones

The researchers highlighted the fact that there are several sensors in smartphones that are used for orientation and although some require permission to be switched on, some are always on.  It was the sensors that were always switched on that the researchers were able to develop a specialised app for which could process the sensor output and, therefore, predict the key that was pressed by a typist.

What Does This Mean For Your Business?

Most of us may be aware of the dangers of using public Wi-Fi and how to take precautions such as using a VPN.  It is much less well-known, however, that smartphones have sensors that are always on and could potentially be used (with a special app) to eavesdrop.

Mobile device manufacturers may want to take note of this research and how their products may need to be modified to prevent this kind of hack.

Also, users of laptops may wish to consider the benefits of using a password manager for auto-filling instead of typing in passwords and potentially giving those passwords away.

Over A Million Fingerprints Exposed In Data Breach

It has been reported that more than one million fingerprints have been exposed online by biometric security firm Suprema which appears to have installed its standard Biostar 2 product on an open network.

Suprema and Biostar 2

Suprema is a South Korea-based biometric technology company and is one of the world’s top 50 security manufacturers.  Suprema offers products including biometric access control systems, time and attendance solutions, fingerprint live scanners, mobile authentication solutions and embedded fingerprint modules.

Biostar 2 is a web-based, open, and integrated security platform for access control and time and attendance, manage user permissions, integrate with 3rd party security apps, and record activity logs.  Biostar 2 is used by many thousands of companies and organisations worldwide, including the UK’s Metropolitan Police as a tool to control access to parts of secure facilities. Biostar 2 uses fingerprint scanning and recognition as part of this access control system.

What Happened?

Researchers working with cyber-security firm VPNMentor have reported that they were able to access data from Biostar 2 from 5 August until it was made private again on 13 August (Suprema were contacted by VPNMentor about the problem on 7th August).  It is not clear how long before 5 August the data had been exposed online.  The exposure of personal data to public access is believed to have been caused by the Biostar 2 product being placed on an open network.

In addition to more than one million fingerprint records being exposed, the VPNMentor researchers also claim to have found photographs of people, facial recognition data, names, addresses, unencrypted usernames and passwords, employment history details, mobile device and OS information, and even records of when employees had accessed secure areas.

VPNMentor claims that its team was able to access over 27.8 million records, a total of 23 gigabytes of data,

Affected

VPNMentor claims that many businesses worldwide were affected.  In the UK, for example, VPNMentor claims that Associated Polymer Resources (a plastics recycling company), Tile Mountain (a home decor and DIY supplier), and Medical supply store Farla Medical were among those affected.

It has been reported that the UK’s data protection watchdog, the Information Commissioner’s Office (ICO) has said that it was aware of reports about Biostar 2 and would be making enquiries.

What Does This Mean For Your Business?

For companies and organisations using Biostar 2, this is very worrying and is a reminder of how data breaches can occur through third-party routes.

In this case, fingerprint records were exposed, and the worry is that this kind of data can never be secured again once it has been stolen. Also, the large amount of other personal employee data that was taken could not only affect individual businesses but could also mean that employees and clients could be targeted for fraud and other crimes e.g. phishing campaigns and even blackmail and extortion.

The breach may have been avoided had Suprema secured its servers with better protection measures, not saved actual fingerprints but a version that couldn’t be reverse engineered instead, implemented better rules on databases, and not left a system that didn’t require authentication open to the internet.  Those companies that are still using and have concerns about Biostar2 may now wish to contact Suprema for assurances about security.

Is Your Website Sending Scammers’ Emails?

Research by Kaspersky has discovered that cyber-criminals are now hijacking and using the confirmation emails from registration, subscription and feedback forms of legitimate company websites to distribute phishing links and spam content.

How?

Kaspersky has reported that scammers are exploiting the fact that many websites require users to register their details in order to receive content. Some cyber-criminals are now using stolen email addresses to register victims via the contact forms of legitimate websites.  This allows the cyber-criminals to add their own content to the form that will then be sent to the victim in the confirmation email from the legitimate website.

For example, according to Kaspersky, a cyber-criminal uses the victim’s e-mail address as the registration address, and then enters their own advertising message in the name field e.g. “we sell discount electrical goods. Go to http://discountelectricalgoods.uk.” This means that the victim receives a confirmation message that opens with “Hello, we sell discount electrical goods. Go to http:// discountelectricalgoods.uk Please confirm your registration request”.

Where a victim is asked by a website form to confirm their email address, cyber-criminals are also able to exploit this part of the process by ensuring that victims receive an email with a malicious link.

Advantages

The main advantages to cyber-criminals of using messages sent as a response to forms from legitimate websites are that the messages can pass through anti-spam filters and have the status of official messages from a reputable company, thereby making them more likely to be noticed, opened, and responded to.  Also, as well as the technical headers in the messages being legitimate, the amount of actual spam content carried in the message (which is what the filters react to) is relatively small. The spam rating assigned to messages by anti-spam filters is based on a variety of factors, but these kinds of messages command a prevailing overall authenticity which allows them to beat filters, thereby giving cyber-criminals a more credible-looking and effective way to reach their victims.

What Does This Mean For Your Business?

Most businesses and organisations are likely to have a variety of forms on their website which could mean that they are open to having their reputation damaged if cyber-criminals are able to target the forms as a way to initiate attacks or send spam.

The advice of Kaspersky is that companies and organisations should, therefore, consider testing their own forms to see if they could be compromised.  For example, registering on your own company form with your own personal e-mail address and entering a message in the name field such as “I am selling electrical equipment” as well as including a website address and a phone number, and then checking what appears in your e-mail inbox will show if there are any verification mechanisms for that type of information.  If the message you receive begins “Hello, I am selling electrical equipment”, you should contact the people who maintain your website and ask them to create simple input checks that will generate an error if a user tries to register under a name with invalid characters or invalid parts. Kaspersky also suggests that companies and organisations could consider having their websites audited for vulnerabilities.

Free Ransomware Killers Save £88M in Ransoms

Free downloadable ransomware tools launched by Europol in association with several cybersecurity firms as part of the ‘No More Ransom’ initiative are estimated to have saved businesses £87.6 million.

Who / What Is Europol?

Europol is the European Union Agency for Law Enforcement Cooperation.

No More Ransom

‘No More Ransom’ is the name given to the initiative launched July 29th 2016 by Europol’s European Cybercrime Centre.  This is the National High-Tech Crime Unit of the Netherlands’ police and McAfee that works to help victims of ransomware to retrieve their encrypted data without having to pay ransoms to criminals.  The idea is that, by restoring access to their infected systems free of charge, victims now have a third choice they did not have before.

Portal

The ‘No More Ransom’ portal ( https://www.nomoreransom.org/ ), which was originally released in English, is now available in 35 other languages, and thanks to the cooperation between more than 150 partners, provides a one-stop-shop of tools that can help to decrypt ransomware infections – see https://www.nomoreransom.org/en/decryption-tools.html.

Impressive Stats

Europol has reported that its ‘No More Ransom’ portal has visitors from 188 countries and since its introduction in 2016 has enabled 200 000 victims of ransomware recover their files free of charge.  In money terms, Europol reports that this equates to $108 million / £87.6 million that cybercriminals have not been paid in ransoms.

For example, No More Ransom’s tools led to 40,000 decryptions of the ‘GandCrab’ ransomware, thereby stopping those victims from having to pay over £41 million.

More Tools This Year

This year has seen the introduction of 14 new tools, thereby enabling the portal to provide the means for users to decrypt 109 different types of potentially crippling ransomware infections.

What Does This Mean For Your Business?

Until the introduction of Europol’s ‘No More Ransom’ portal three years ago, victims of ransomware were faced with a very stark choice of not paying the ransom (potentially losing all their data and/or suffer a permanent shutdown of certain computer systems) or pay the ransom and not only have to find a very large sum of money but also run the risk of the attackers still doing nothing to help even though they’d been paid.  In both cases, the balance of power was very much in favour of the criminal rather than the victim, who may have accidentally downloaded the virus with a mistaken single click in the first place.

The growing number of tools on the No Ransom portal offers businesses that vital third option of being able to restore their valuable data free of charge, thereby providing a practical, easily available way to defeat ransomware attackers.  This could lead to criminals moving away from ransomware as it becomes more difficult to make money from this attack method.

Business owners should remember, however, that even though the No Ransom portal offers real hope, it should not provide an excuse not to take as many preventative security measures as possible in the first place such as educating and training staff and keeping anti-virus software and patches up to date.

Commercial Release of BlueKeep Malware Causes Concern

Tech and security commentators have expressed their fears that a version of the BlueKeep malware (that’s been included in a commercial penetration testing toolkit) could prove to be dangerous if it falls into the wrong hands.

What Is BlueKeep?

BlueKeep is a kind of malware that can be deployed to exploit a vulnerability in older versions of the Windows operating system.  The malware, which was discovered in May, is estimated to have already affected one million systems globally, and is, therefore, thought to have the potential to become a bigger threat than WannaCry (the ransomware from 2017 that affected 300,000 computers in 150 countries worldwide).

The vulnerability that BlueKeep uses is the Remote Desktop Protocol (RDP) and can affect Windows Vista, 7, XP, Server 2003 and Server 2008 operating systems. BlueKeep will not affect Windows 10.

BlueKeep is self-replicating, without the need for user interaction, and once an attacker has sent malware packets to an unpatched system where RDP is enabled the attacker is then able to perform several actions including adding user accounts, installing more malicious programs and changing data.

A patch was issued by Microsoft back in May for all supported Windows operating systems, Windows XP and Server 2003.

Version Commercially Available

Bearing in mind the threat to businesses and individual users posed by BlueKeep some tech and security commentators have expressed concern that a working version of BlueKeep has been released commercially by Immunity as part of its CANVAS penetration testing toolkit.  Even though the price of the toolkit may deter purchases by potential attackers just to get their hand on BlueKeep, the fear still exists that this commercial release may be dangerous if it falls into the wrong hands.

Healthcare and Telecoms Systems Risk

Some security commentators have noted that older healthcare computer systems and the kind of end-customer systems that can’t be upgraded themselves that are used by telecoms companies may be at risk of being infected.

What Does This Mean For Your Business?

BlueKeep is a real threat for those businesses still using the older versions of the Windows operating system (Vista, 7, XP, Server 2003 and Server 2008).  Although a patch has been issued, patching some business systems can be complicated and time-consuming, but businesses are advised to do so as soon as possible bearing in mind how quickly and easily BlueKeep has spread to date.

In addition to making sure Windows systems are patched and up to date, business IT administrators can also take precautions like disabling any unused and unneeded RDP services, blocking TCP Port 3389 and enabling network-level authentication in RDP services so that would-be attackers can be prevented from performing remote code execution without valid credentials.

UKCIS Offers Online Safety For All

The government has announced that the UK Council for Internet Safety (UKCIS), which is the successor to the UK Council for Child Internet Safety (UKCCIS), has had its scope expanded to improve online safety for all in the UK.

Part of Government Commitment

The introduction of The UK Council for Internet Safety (UKCIS) is part of the government’s commitment to making the UK the safest place in the world to be online, and it will feed into the development of the forthcoming Online Harms White Paper.  The whitepaper, which sets out the government’s plans for a package of online safety measures that also supports innovation and a thriving digital economy, comprises the legislative and non-legislative measures that will make companies more responsible for their users’ safety online, especially children and other vulnerable groups.

Executive Board From Many Organisations

One of the key ways in which UKCIS is expanding its scope and expertise is by including Executive Board members from a wide a range of organisations in the technology industry, civil society and the public sector. The hope and intention are that these diverse organisations will be able to collaborate effectively and coordinate a UK-wide approach to online safety.

The Executive Board member organisations include Apple, Google, Facebook, Twitter, Microsoft, GCHQ, Internet Service Providers, BBC, Childnet, the National Crime Agency and National Police Chiefs’ Council, the Scottish Government, the Welsh Assembly, the Northern Ireland Executive, and the ICO.

This Executive Board will be jointly chaired by ministers at the Department for Digital, Culture, Media and Sport (DCMS), Department for Education and the Home Office, and representatives from the administrations of Scotland, Wales and Northern Ireland.  The Board’s membership will be regularly reviewed to ensure maximum relevance to the evolving challenges that the UK faces in the broad prevention of online harm.

Priority

The government says that the priority of focus for the work of UKCIS will not only include well known online harms experienced by children e.g. cyberbullying and sexual exploitation but will also include risks such as radicalisation and extremism, violence against women and girls, hate crimes and hate speech, and any discrimination against any groups protected under the Equality Act e.g. on the basis of disability or race.

Criticism

The government’s approach with the new UKCIS has, however, been met with criticism from tech commentators who have expressed concern that it may be too vague and that the UKCIS may not be able to act effectively if some difficult problems and trade-offs are ignored.

What Does This Mean For Your Business?

The online economy and the digital society that it serves needs effective protection in order to improve safety for all and to benefit the growth and prosperity of the UK economy.  This new approach of widening the scope of expertise in a collaborative way and bringing more sections of UK society under the umbrella of protection appears to be a very positive step in making the UK a safer place to be online.  This can only benefit businesses, many of which now rely heavily on digital communications and trading platforms.  A safer online environment at home may mean that UK businesses can use more of their resources on making themselves more competitive in the global marketplace.