2017 was a huge year for cyber crime, more attacks than ever took place, with headlines coming through an almost a daily basis, telling of large-scale cyber attacks crippling well-known organisations. Remaining at the forefront of technology is key when it comes to data protection as threats are constantly evolving. As we enter 2018, it’s important to reflect back on the main events that happened over the last 12 months and ensure we learn from them.
We saw some of the largest ransomware attacks ever performed last year. Major Spanish multinational broadband and telecommunications provider, Telefonica, were forced to instruct their employees to literally pull the plug on their computers as a dangerous form of malware, named WannaCry, breached their network in May. The hacking group behind the attack demanded a huge sum of money in the form of Bitcoin in order to unblock their files.
The NHS also fell victim to WannaCry around the same time. The health sector has always been heavily targeted by ransomware due to the impact of infection and the potential for casualties if networks are unavailable. Since the goal of ransomware is to extort money, it makes sense to target an industry that wouldbe desperate to resolve problems if they were hacked. In fact the very first known case of ransomware was known as the AIDs Trojan and infected 20,000 healthcare facilities across the globe.
The businesses being brought down are huge multinational companies who already have global multi-layered security strategies in place, which doesn’t give much confidence to smaller businesses. Conventional firewalls, IPS and anti-virus systems are clearly not always enough to deal with rapidly evolving threats these days. More and more organisations are choosing to invest heavily in new security solutions and technology such as Cisco AMP or Palo Alto Networks Traps every day.
Everyone knows the importance of backing up data, but some organisations and individuals still neglect to do so. The statistics of how many companies actually have adequate backing up protocol is frankly shocking; 58% of businesses report to have no contingency plan for data loss according to the research firm, Clutch.
As technology progresses, not only does the ability for malicious software to evade detection increase, the ease with which low-skilled hackers can become involved opens the door to a greater volume of cyber attacks. It is now entirely possible to download a pre-built package of ransomware that can be unleashed on organisations throughout the world.
The problem here is that the traditional and somewhat ironic honour that hackers would unblock data once the ransom has been paid has disappeared. Often these low skilled criminals simply don’t possess the knowledge or ability to decrypt it. Therefore you will lose vital data no matter if you concede to the hackers demands or not.
With a huge financial reward available to those willing to distribute ransomware, it should come as no surprise to see the frequency of ransomware attacks increasingly rapidly.
Across the globe, there is a crippling lack of talent available to deal with cyber security and the UK is one the most significantly affected. This scarcity is also predicted to get worse throughout the year. The industry of security experts is simply not growing anywhere near as fast as the industry of cyber crime. Smaller businesses in the UK are going to struggle to employ the right people to prevent bankruptcy-inducing attacks. These smaller businesses often feed into larger businesses and so the results can be catastrophic.
According to research by the Center For Cyber Safety and Education, just 12% of the UK’s cyber security workers are below 35 with the majority of them being aged 45 and older. The only redeeming takeaway from this situation is the government announced in 2017 that they are currently in the process of investing £20m into a cyber curriculum in order to grow the UK skill set.
“This forward-thinking programme will see thousands of the best and brightest young minds given the opportunity to learn cutting-edge cyber security skills alongside their secondary school studies,” said Matt Hancock, the digital and culture minister. “We are determined to prepare Britain for the challenges it faces now and in the future and these extracurricular clubs will help identify and inspire future talent.”
The question is whether this will be enough to match the soaring demand in this country, the common consensus is that it will not. Therefore, if you’re thinking about implementing a security strategy or expanding your security footprint we would recommend you do this sooner than later, before the skills gap gets any worse.
This point may seem fairly obvious but customers really stood their ground in 2017 and protested against data leaks more than they ever have in the past. Companies such as Morrison’s, Uber and Yahoo have all experienced lawsuits in the last year that will continue into 2018. No longer are consumer groups willing to be disrespected by a firm that doesn’t put value into adequately protecting their customers private information.
One of the biggest data breaches in 2017 was the US consumer credit reporting agency Equifax. Hackers managed to get hold of an astounding 143 million consumers social security numbers and other important information, almost half of the country’s population. What made it worse was they discovered the breach on July 29th but waited over a month until September 7th to make any sort of announcement regarding it.
The backlash was from consumers was extreme. Mounting public pressure forced the resignation of the CEO, Richard Smith, along with several other executives and the schemes put in place by Equifax to ‘make-good’ with their customers are likely to cost them millions of dollars over the coming years.
The general public understanding of how a data breach can effect people personally is increasing alongside consumer power. These issues cannot be swept under the rug by companies any longer because attempts to do this only seem to make the situation worse.
Arguably, 2017 was the biggest year in the war of cyber security vs cyber crime the world has seen to date. Learning from mistakes in key to not becoming tomorrows headline news for the wrong reason. Investments in cyber security have to be at the top of any organisations priority list because, depending on severity, one breach could potentially have a critical impact. Cyber crime is not going away and so the question is not IF you will invest in security but WHEN. The answer should be as soon as possible.
If this article has got you thinking about your own company’s security and you’d like to find out how you can improve, please get in touch with us and we can have a more in-depth conversation and answer any questions you may have.
Tesrex also provide a full range of services centred around Cyber Security and Cyber Crime prevention. Contact us to arrange a consultation and to find out more about how we can help you understand where you are and how to get to where you want to be.
solutions@tesrex.com
01923 77 66 44
London, UK
