UK cyber attacks are “a matter of when not if”
The potential risks of ever-growing digital integration are not unknown to us. Computers, smartphones and other devices provide countless benefits but, as day-to-day services become progressively reliant on these technologies, the consequences of their failings become more disastrous, with our cyber-security at an increased risk.
Last year saw a massive data breach at American-based credit reporting agency Equifax. Personal information of over 145.5 million people was stolen including addresses, credit card and social security numbers. WannaCry, a piece of ransomware software, infected hundreds of thousands of computers worldwide, most notably hitting NHS facilities across the UK, resulting in widespread disruption of services.
Personal information of over 145.5 million people was stolen
It is increasingly true that cyber-attacks are a matter of when not if. In an interview to The Guardian, Ciaran Martin, head of UK’s National Cyber Security Centre (NCSC), anticipates the UK will be hit by a category one (C1) attack before the end of the decade saying, “we have been fortunate in avoiding having one to date.” Examples of a C1 attack could include a major attack on infrastructure, election interference or a deliberately provocative move by a hostile state. For reference, the ransomware attack on the NHS was only a category two. NCSC figures from their opening in October 2016 through to December 2017 show the UK has faced 34 C2 and 762 C3 disruptions in that time frame.
Costs related to cyber-crime are also increasing. Ponemon Institute’s Cost of Cyber Crime Report shows the average cost to business of cyber-security rose to $11.7m a year, rising 22.7% last year compared to 2016. The number of security breaches rising 27.4%. Unfortunately, complete security can never be guaranteed. Martin commented, “Some attacks will get through. What you need to do [at that point] is cauterise the damage.”
Costs related to cyber-crime are also increasing
For businesses, dealing with an attack primarily relies on recovering lost data and alerting those affected quickly and accurately. Equifax came under fire for its exceptionally sub-par response. The breach occurred in July last year and was only made public in September after, supposedly coincidentally, three top executives sold roughly $1.8m worth of shares. Their TrustedID Premier Service launched to help victims, was criticised for including an enrolment clause which meant users couldn’t participate in a class action lawsuit against the company. Changes to their processes were made but the damage was done to their public perception.
Governmental response to cyber-crime on the other hand, may also include a retaliatory attack. The UK has been publicly growing their cyber-offensive capabilities, though Martin suggested a range of retaliation could be employed such as sanctions or as the Trump administration postulated, nuclear force.
The UK has been publicly growing their cyber-offensive capabilities
On an individual level, there are generally advised practices which can help to boost our own cyber-security. It is common for hackers to target less secure sites to gain login information which they then use on other more secure services. If passwords are different for every online account, it makes breaches much more manageable and less severe. Also storing passwords digitally is not advised, write them down physically and keep them safe. Updating devices is another simple protection, malicious software often targets known exploits in outdated firmware which have been patched out in later versions. WannaCry targeted computers running Windows XP which was succeeded by Windows Vista in 2007. These and other practices like being careful what information we give out and what files we download are often beaten over our heads but as a victim of hacking myself, it is much less stressful to take preventative action than it is to handle a breach.
Comments