Despite the gradual easing of Covid-19 lockdown regulations, industry has never been more reliant upon its online networks and remote-working capabilities. The threat of cyber-attack has similarly grown. Organisations need to be clear on how their data and IT infrastructure are protected, says Professor Kamal Bechkoum, head of Business and Technology at the University of Gloucestershire.
Picture a cyber-hack on your organisation as being like any other scam – tenacious, infuriating and often playing on human weakness or error to achieve access to your most important resources.
The government’s Covid-19 ‘test, track and trace’ smartphone app, piloted on the Isle of Wight, is a prime example of what can go wrong for organisations when a significant lack of trust comes into the equation.
According to a recent 1,000-person survey almost half (48%) of people in the UK questioned about the NHSX contact-tracing app say they don’t trust the government to keep their information safe from hackers.
The poll also found that 43% of respondents are worried that using the app could give fraudsters an opportunity to launch phishing attacks by email or SMS. This is in addition to the thousands of fake Covid-19 domains springing up and being used to initiate a spate of recent online frauds.
Given that one of the most important public health and safety plans of our time appears to be struggling to assure the public of its authenticity and trustworthiness, how can business leaders make the right decisions to protect themselves and their stakeholders through these troubling times?
In the first instance understand that a cyber-attack on your organisation is inevitable. It’s really not a question of ‘if’, but ‘when’.
Forecasts for the number of online-linked devices, otherwise known as the ‘Internet of Things’ (IOT), in 2020 vary from 26 billion to 75 billion. If there’s one lesson that can be learnt from the current pandemic it’s that more of us than ever before are working remotely and often mixing the use of personal and professional devices to stay connected.
There is so much information created by these devices – up to and beyond 2.5 quintillion bytes – that 90% of the world’s data has been created in the last two years.
Considering this massive volume it is perhaps understandable that cyber defences can never be 100% secure. The grand challenge facing all organisations is the need to improve their understanding of where threats are most likely to come from, and engage in habitual good security practice at all levels of the organisation.
To begin with, a threat register should consider criminals, ‘hacktivists’, competitors, hostile states, and insiders, alongside the following tips:
Four top tips to becoming cyber-secure
All IOT devices and systems are vulnerable. Malicious apps will often sit in the background for long periods of time collecting data until the time comes for them to strike.
One devastating example was the December 2015 Ukraine power grid cyber-attack, when hackers were able to compromise the information systems of three energy distribution companies and temporarily disrupted electricity supplies for around 230,000 consumers.
This is not massively different from what the average cyber-criminal might do to gain access to your bank account, and make no mistake, even the experts are vulnerable.
Over the last year I've personally experienced six attempts to get into my own system and fell victim to a spear-phishing scam. This is an increasingly common form of attack where criminals attempt to gain sensitive information, such as usernames, passwords or credit card details, by disguising themselves as a trustworthy entity in an electronic communication.
After gaining access to my address book the fraudsters contacted 250 friends, family and associates, asking them to pay for Amazon purchases on ‘my’ behalf. Two fell for it.
On another occasion, I’m somewhat embarrassed to admit, I attempted to book some hotel rooms for visiting guests in Cheltenham, but I only had 10 minutes spare to do this. I went onto an accommodation-booking website, made the payment and received an email stating that the booking could be confirmed within three days. Later I received a call from my bank querying a transaction from Istanbul for £1,100. Luckily they managed to block any further withdrawals.
95% of internal breaches are caused by human error. Our default approach to all IOT systems should always be one of suspicion.
At the University of Gloucestershire control systems access and privileges are managed in a very rigid way. As a head of school, even I can't download anything on my PC and I'm happy about this. When you recruit new people they should be inducted into this kind of culture.
The pressures of the coronavirus pandemic have left many of us tired, putting us in a position where we might fail to properly check the veracity of texts or emails received before reacting. This is when it becomes very easy to overlook crucial details and let things slip by.
Don’t make the mistake of acting in haste. Breathe, regroup and take your time. Ask the right questions, double-check your actions and ensure that everyone is alert to cyber-security issues. Your business might just depend on it.