Fighting Cybercrime
14th July 2017
Cybercrime has hit the business news headlines numerous times in the last few months. Following on from this, Sussex Business Times outlines the importance of cyber security and explores the steps to take to ensure a secure and stable business.
Cybercrime is a huge and growing issue in today’s business world, and it’s becoming more and more of a concern for business owners and their employees.
According to an article that appeared in Computer Weekly, almost half of the UK’s firms lack advanced cyber defenses, despite the high – and growing – level of concern surrounding cyber attacks and the costs associated with them. Managing malware alone costs around £7.5 billion, while data theft incidents cost £6.2 billion, so it’s clear that the costs surrounding this issue are especially high.
Managing Director at UKi, Graham Johnson commented: “Cybersecurity breaches are now happening regularly on an international scale and thus hacking into autonomous vessel or vehicle technologies is a very real threat. The transport industry needs to stay one step ahead of the cyberterrorists. With many of the world’s leading experts in shipping and automotive autonomous technology speaking and presenting papers at our conferences, solutions can be found, discussed and debated.”
Until recently, it was rare for IT news to hit the headlines, but you can’t have missed the news about the ransomware attacks that happened across the globe in recent months, one of which exploited a flaw in Microsoft software and led to cyber-attacks on 200,000 computers across the world. Victims of the attack included 48 NHS Trusts in England as well as Germany’s rail network, Deutsche Bahn, and the global FedEx network.
The spread was limited in part by 22-year-old Marcus Hutchins, a researcher who ended up being an accidental hero, as his tracking of the spread of the virus helped to prevent it. There are concerns that systems remain vulnerable, however, and it’s important to keep this type of security top of mind when managing IT.
Results of a new RSM survey have revealed that 40% of organisations admit they have been a victim of cybercrime, with over a quarter saying they have been hit in the past 12 months. Worryingly, despite the high level of incidents, one in five firms that have suffered breaches have since done nothing to protect themselves against future attacks.
The survey also pointed to significant complacency with respect to data held with third parties. More than 60% of respondents said they outsourced data hosting or handling to a third party, but over half said they were not aware of the third party’s cybersecurity policies.
“The events of the last few days have shown just how disruptive a cyber-attack can be and how important effective defenses are,” said Steve Snaith, a technology risk assurance partner at RSM. “However, our recent ethical hacking exercise has revealed some startling weaknesses in the defenses of sizeable middle market companies that you would expect to be better prepared to withstand an attack. If we had been carrying out a genuine hacking attempt with malicious content, the business ramifications could have been catastrophic.”
Industry Analyst, Digital Transformation at Frost & Sullivan, Vijay Michalik commented on the attack: “While the attack was stopped in its tracks as a kill-switch was found and activated by a cybersecurity researcher known as MalwareTech, it is highly likely that a new strain will appear without this flaw. The kill-switch doesn’t decrypt the files that are already compromised, and it doesn’t appear that the encryption has its own exploitable flaw.”
Here, we spoke to JSPC Computer Services, who provide everything you need to know about the nature of these attacks and the steps to take to minimise the risk…
What is Ransomware?
“Ransomware is the name for a specific attack, which prevents access to files and demands a payment – essentially a ransom – for their return. Often the demands start small and if they are ignored, increase over time or threaten the destruction or sharing of valuable or sensitive files.”
How can you prevent attacks?
“The extent of the spread of this attack demonstrates that you can’t entirely prevent attacks. A determined hacker will at some point find a loophole in security and exploit it. However, there are measures to limit the likelihood of an attack and the impact if it does occur.
“An audit of current security precautions is the first place to start. This includes not only looking at whether firewalls and virus trackers are up to date and effective, but also looking at practices that may be making a network vulnerable. This includes considering how data is stored and shared across an organisation. In many cases, staff training is as important as the technology.”
Incorporate cyber-attacks into your disaster recovery strategy
“This latest threat may have been stopped for the most part, but in time, it is likely that another threat will arise from so-called ‘black hat’ hackers. This is why it’s important, alongside protective measures to prevent an attack, to also prepare for the worst. A disaster recovery plan should include details of how to prevent the spread across the network, backup storage and data encryption.
“JSPC Computer Services track the trends in cyber security to help clients protect themselves. Not all of them hit the headlines as this high-profile ransomware attack has done because often they can be stopped before they do too much damage. To avoid becoming a victim of ransomware or other malware, give JSPC Computer Services a call to audit your current setup and advise how you can protect yourself.”
Companies are also encouraged to protect themselves against some of the recognisable, common cyberattack methods, some of which include:
- Insider attacks: Employees downloading sensitive or confidential data and selling it on.
- Phishing: Multiple individuals are targeted by a single scam. A blanket email is sent in the hope that some will reply with sensitive information, transfer funds or open rogue links or attachments.
- Whaling: A small group of individuals with significant data access are targeted. A hacker poses as a senior company official and requests personal information, bank detail changes or a large funds transfer.
- System vulnerability exploitation: Weaknesses in system controls, for example not patching systems with the latest security updates and uncontrolled use of open source software, can lead to consequential loss.
Of course, it’s not just UK businesses that are affected by cyber attacks – many aspects of life in the UK are exposed to potential cyberterrorists and attacks, especially in a day and age where the majority of day-to-day tasks are completed with the help of technology. An example of this is voting in the General Election.
The clearest threat to online voting is the prospect of a cyber attack. If malicious actors were able to hack into the voting system, they might be able to manipulate the result. The threat of this has grown in recent years. Russian hackers are said to have interfered in last year’s US election by stealing information from US Democrats. Being able to target the voting system itself would be a much bigger prize.
Cyber attacks might not even have to be successful to undermine online voting; even the suggestion that the system could be targeted could damage trust in the result of an online election. After all, we might not know if something did go wrong.
Voting on paper almost guarantees anonymity, as there is no record of who completed each slip, whereas this might not be the case online. In theory, every vote would have a digital trail linking it back to the voter themselves.
This list could go on, but the bottom line is that, while cybercrime has always been an issue, it’s becoming a growing concern. As technologies and software continue to evolve, making sure your business is secure from attacks of this kind should be very high on the list of priorities for business leaders.