
Ransomware is a major concern, but it isn’t the only cyber risk your organisation will face this year. Edward Whittingham, former police officer and qualified solicitor, now founder and MD of The Defence Works, takes a look at the expanding array of threats and vulnerabilities that has kept the cyber security industry on high alert this year.

Attacks involving phishing, malware, mobile apps and smart devices are growing in sophistication, putting the intellectual property and personal data held by corporations, governments and individuals under constant risk. 

Despite valiant attempts by security vendors to develop better defences, cyber criminals are an inventive and resilient bunch. Hacking is here to stay; and as business models continue to go digital, things could potentially get worse. 

The Information Security Forum warned in its 2019 review of the cyber security landscape that globally, businesses face more disruption. That’s down to: 

  • The increased sophistication of cyber crime and ransomware 
  • The proliferation of smart devices, and vulnerabilities inherent in the Internet of Things (IoT)  
  • Supply chain risks; and 
  • The growing insider threat 

 

With the cost of cyber crime set to hit £4.75 trillion by 2021, here is a closer look at the most significant security threats for the rest of this year and beyond. 

Phishing gets more sophisticated 

Phishing attacks involve crafting emails, texts and instant messages to fool people into clicking on a link that installs malware on their machine and opens the company network up to intrusion.

As more organisations invest in security awareness training, employees have become more conscious of phishing and the risks in clicking on links sent by someone they don’t know. But cyber criminals and hackers are upping the ante, using AI tools to create convincing fake messages more quickly in order to compromise networks and systems. Once inside the corporate network, attackers can steal user logins, credit card details and other types of business, personal and financial information. 

Ransomware strategies evolve 

Ransomware attacks are on the rise, costing billions every year as hackers use malware to lock up an organisation’s systems and data and hold the unlock key for ransom. Cryptocurrencies like Bitcoin have helped make ransomware attacks more popular as they allow payments to be made anonymously. 

As companies continue to focus on building stronger defences and back-up plans to prepare for ransomware infections, cyber criminals are turning their attention to other, less well-prepared targets like high-net-worth individuals.

Cryptojacking gathers steam 

The growth of cryptocurrency has had another direct impact on cyber – the growth of cryptojacking. The process whereby crypto enthusiasts get paid to help verify (mine) transactions and ensure the crypto network is validated requires massive computing power and expensive ASIC machines. Cyber criminals who can’t afford the equipment (or pay the energy bills) have turned to secretly hijacking home or work computers to mine on the cheap.

For businesses, cryptojacking can cause systems to slow down or lock up entirely, spike energy bills and create costly downtime as IT teams work to track down the source of the issue. 

Hacks jump from the virtual to the physical world 

Could a cyber attack kill you? The return this year of the Triton virus serves as a stark reminder that the vulnerabilities in computing systems can extend beyond data loss and disrupted operations to causing physical harm.

Triton is a powerful virus that turned up in the industrial control mechanisms of a Saudi oil and gas plant back in 2017. Infected systems included those designed to kick in when dangerous conditions are detected – closing valves and triggering pressure-release mechanisms, or shutting machinery down completely.

Attackers managed to get their virus into plant systems that didn’t hold information of any particular commercial value, but which would have been the last line of defence against a life-threatening disaster.

State-sponsored attacks 

Beyond attacks designed to make a profit through theft and blackmail, nation states are now creating cyber attack and infiltration units to breach other governments and test their defences around critical infrastructure. The Bank of England (BoE) warned earlier this year that cyber attacks by rogue states could corrupt the records of high street banks and other financial institutions – possibly over a period of months. 

GCHQ has issued warnings about the risk of cyber attack emanating from Russia and China, and the BoE has urged banks to strengthen their defences and backup readiness to avoid disrupting the City of London – one of the world’s leading financial centres. 

IoT attacks 

According to Statista, the total number of Internet of Things devices will surpass 75 billion by 2025, while the number of IoT devices connected to the internet will reach almost 31 billion by next year. That includes home security cameras, smart household appliances, smart watches, medical devices, manufacturing equipment and inventory control systems. 

Connected devices are convenient for end users and capture immense amounts of insightful data for businesses. But more connected devices means a larger attack surface and greater risk of breach. Once a cyber criminal gains control of a device or smart home network they can create havoc, overload devices, lock down essential systems or monitor security cameras to work out the best time to burgle a home.

Smart medical devices and digital medical records 

The healthcare industry is going through a major digital transformation as patient records move to digital formats and medical professionals see the benefits of smart medical devices. However, as the industry adapts to the digital age, there are serious concerns about privacy, safety and cyber security threats. 

Just this month, US medical equipment giant Medtronic initiated a massive recall of its industry-standard insulin pumps after researchers found serious security flaws in the devices. Through an exploit found in the pumps’ wireless Bluetooth connection, it was feared that an attacker could potentially tamper with the system to over- or under-dose a patient, with serious health consequences.

Earlier this year, Medtronic issued a separate alert when researchers uncovered vulnerabilities in the wireless protocol used by the company’s implantable heart monitors. 

Vulnerabilities in the supply chain 

Third-party suppliers and contractors can pose a huge risk to the organisations they supply goods and services to. Because they transmit or have access to their clients’ data, suppliers with smaller IT budgets and weaker defences can offer an easier way into the systems of large organisations – the weakest link in the chain.

Supply chain risk is often discussed in the context of manufacturing and retail, but it affects the public sector too. In June, police forces across the UK were forced to stop working with the country’s largest private forensics provider after a ransomware attack locked essential case data held on the company’s systems. The company, Eurofins, typically processes more than 70,000 cases each year, including murder and terrorism offences.

Not enough experts – so you need to create your own 

As cyber crime evolves and escalates, organisations are struggling to hire enough qualified cyber security professionals to protect essential systems and data. This is a pressing issue now and will remain so for the foreseeable future.  

Globally there are understood to be more than a million cyber security roles going unfilled, potentially rising to 3.5 million by 2021. That shortage is a cause for concern since a switched-on digital workforce is essential to fighting the rise of increasingly clever cyber attacks. And that’s why training and a culture of security awareness are so important to cracking cyber crime now.

Harvard Business Review calls security awareness training the best cyber security investment a business can make. That includes training for everyone – from executives to employees, supply chain partners, consultants and contractors. 

Cyber criminals are weaponising staff, who often become the source of a breach inadvertently by falling victim to a phishing scam. If we’re going to turn the tables on them, arming employees with the skills they need to identify a phishing email or attempted breach can minimise the risk of cyber attack.  

By switching everyone on to the telltale signs of an attempted breach, organisations can create a culture of security awareness that – along with investments in the latest security technology – can keep the cyber wolves at bay. 


Post written by: Matt Brown

