Until the 12th May the word cyber-attack may have been unknown, or at least not fully understood, by a good many people. But the global cyber-attack that released tens of thousands of ransomware attacks, affecting 45 NHS trusts and businesses in over 100 countries, has woken the world up. Cyber-attacks, ransomware, etc. are not a new phenomenon, but to date they have passed us by. A data breach where customer data is lost has no immediate or significant impact on our day-to-day lives. But the NHS being paralysed by the attacks changes all of that.
Bedford-based cyber security business Layer 8 were not surprised by the attacks. ‘I am disappointed with British businesses that it takes an attack with such damaging consequences for cyber-security to be taken seriously,’ says Managing Director Sarah Janes. ‘We work with businesses across the country to help prevent this sort of attack and it is usually an uphill battle to get people in decision-making roles to do anything, even though the warning signs have been coming for years.’
Ransomware – let’s break it down:
Ransom – like the old cowboy movies, you or your family are held to ransom and only released when you’ve paid the fine or given away your crown jewels.
Ware – as in the ‘ware’ in software. This type of ransom is delivered via your computer.
The perpetrators of these types of crimes are often referred to as hackers, but few people have any contextual information about who a hacker is or what their motives are. Here’s a quick summary:
- Script Kiddies: A term for hackers with a moderate level of knowledge and skill. They use pre-developed scripts (a plan and automated tools) and they’re usually younger. They’re often out to cause mischief, and they do it for the thrill perhaps more than for personal gain.
- Hacktivists: As their title suggests, these individuals and groups combine hacking with activism. They’re motivated to expose political or social injustices, or they have an agenda that is religious or ethical.
- Corporate Spies: Some companies hire hackers to spy on their competitors and steal trade secrets and intellectual property.
- Criminal Gangs: They’re in it because it pays. Some of the most elaborate and profitable attacks have simultaneously used many people across the globe.
- Cyber Terrorists: We know only too well what terrorists are about in the physical world. Cyber terrorists are motivated by the same religious or political beliefs and are out to cause damage, destruction, and chaos and spread fear and misery.
- Nation States: Hackers are employed and sponsored by governments around the world for various reasons including spying on other nations and governments, surveillance of their own citizens and to complement their political and military ambitions.
How does it happen?
Hackers will target known vulnerabilities, and unfortunately, they know that people usually make it easy for them. For example, we don’t update with the latest patch because it takes too long to download, or we are so busy at work that we don’t qualify the attachments we open or the links we click in emails.
The good news is that just by being aware and adhering to some simple tips we can protect ourselves; we don’t need to become cyber-security experts.
What hackers are really good at is using human emotions. For example, they know that if I am stressed, happy, angry, etc., I’m far less likely to act with my rational mind. Let’s take an email that lots of people have had: ‘Dear Sir/Madame, thank you for purchasing the Little Mix Album, click here to download your purchase.’ Well, if we haven’t downloaded that, our immediate emotion is either anger or fear: ‘THAT WASN’T ME, HOW MUCH WILL I BE CHARGED’. Or take the phone call from ‘the bank’ saying our account has been frozen. These messages elicit an emotional reaction that means we act before we really think.
Top Tip – don’t act immediately. In all these examples the hacker is relying on you acting before thinking. So don’t. If you feel your emotion being spiked, don’t react straight away; give yourself 5 minutes to think it through, phone a friend, allow your rational mind to return.
Top Tip – patch. Big software companies are continually working to patch any flaws in their software, so yes it can be a pain to wait for the update to install, but not as much of a pain as dealing with it if it happens to you.
Top Tip – back-up. If you keep a back-up of what’s important to you then, if the unthinkable happens, you will be able to recover the data. Think about all those family photos, for instance. You could keep a copy on a USB stick.
Top Tip – it could be me. Don’t be fooled into thinking you don’t have anything of value to a hacker. Hackers aren’t selective; they cast their nets widely and will take from anyone who’s willing to pay!
Layer 8 has put together two free resources:
1 – a simple checklist to see if your workforce can make the right decisions when dealing with cyber. See below.
2 – a weekly security top tip, visit https://layer8ltd.co.uk/ to subscribe to the Layer 8 Toolkit ® EXPLORE.