The impact of cyber-attacks can be bruising for a business with both short and long term effects to consider.
A 2016 survey of 428 businesses that have suffered cyber-attacks in the previous months.
You can see from the statistics above for 2016, that the biggest impact reported by businesses that have suffered from cyber-attacks is the provision of new measures to prevent further attacks. This can be costly but is essential to protect against further attacks.
There are the short term issues:-
Bringing in expert technical staff to find out how the attack happened
Technical expertise needed to start to build defences against further such attacks
Extra staff to deal with recovery, communications with customers, legal ramifications etc.
Disruption to staff and service to customers
Then there are the long term effects:-
Steps needed to restore reputation and customer confidence
It is better to build strong defences against cyber-attacks than simply trust to luck.
It is prudent to have plans in place for how to deal with such attacks as the FBI now say that it’s not a question of whether any organisation will be attacked, but simply when.
Do Share this post on social media – click on the post title then scroll down to the social media share buttons.
The National Cyber Security Centre (NCSC) has reported on 2017 and here are some key points from the report.
“It was a year of ransomware attacks, data breaches and online fraud.”
The WannaCry ransomware attack in May spread rapidly and randomly. 300,000 devices were infected across 150 countries and affecting services worldwide, including the NHS. The attack demonstrated the real-world harm that can result from cyber attacks, particularly when they are designed to self-replicate and spread.
The enormous scale of the 2013 Yahoo breach , the 2016 Uber breach and the 2017 Equifax breach came to light, demonstrating that data is a valuable target for cyber adversaries. It is clear that even if an organisation has excellent cyber security, there can be no guarantee that the same standards are applied by contractors and third party suppliers in the supply chain. Attackers will target the most vulnerable part of a supply chain to reach their intended victim.
Between October 2016 and the end of 2017, the NCSC recorded 34 significant cyber attacks. 762 less serious incidents were also recorded. With interest in cryptocurrency still strong, cryptojacking – where an individual’s computer processing power is used to mine cryptocurrency without the user’s consent – will likely become a regular source of revenue for website owners. Increased use of cloud technology to store sensitive information will continue to tempt cyber attackers, which could result in UK citizens’ information being breached.
Distributed Denial of Service (DDoS) attacks – where hackers threaten to conduct DDoS attacks unless a ransom is paid – have increased since mid-2017 when a South Korean web hosting company paid a ransom fee in Bitcoin equivalent to US$ 1 million. In late 2017.
The reported number and scale of data breaches continued to increase in 2017, with Yahoo finally admitting in October that all of its 3 billion customers had been affected by the 2013 breach.
Groups assessed to have links to state actors – were likely responsible for some of the larger breaches.
Examples of data breaches included: • Equifax, where the personally identifiable information of 145 million US users and almost 700,000 UK users was compromised. • Verizon’s data on 14 million customers stored in the cloud, and controlled by a third party company, was exposed to anyone who could guess the web address. • Uber was forced to reveal that it deliberately covered up a year-old breach by paying the hackers US$ 100,000 to destroy the data they had stolen. The data of 57 million accounts, which had not been encrypted, was exposed. • An aggregated database of data, collated from multiple breaches, was discovered by security company 4iQ in December 2017. This contained 1.4 billion credentials in clear text, including unencrypted and valid passwords. Analysis indicated a large number of incidents were caused by third party suppliers failing to secure data properly.
If you have any experiences with scammers, spammers or time-waster do let me know, by email.
The government has been surprised by the level of Internet attacks on government systems, the defence industry, the NHS and on critical business such as the electric companies, water companies etc. and even attacks on household names such as Tesco.
It can be hard to pin down who’s to blame for these attacks but they say there are basically 3 groups involved – government sponsored cyber specialists, criminals and people who just take up the challenge of hacking.
The obvious guess as to the state sponsored cyber hackers is China and more recently Russia. Both countries deny this of course.
The British government has employed cyber specialists for some time to prevent these attacks from succeeding but the time has come for a big increase in spending on this and to officially warn the cyber attackers that the UK will not only defend itself against such attacks but will respond aggressively to any such attackers.
Philip Hammond confirmed that UK security services would cause “damage, disruption or destruction” against those that attack the UK. These “offensive” capabilities would include proactive cyber attacks as well as the ability to defend against incoming disruption attempts.
This seems to be a significant ramping up of the country’s ability in this arena and in particularly that they will go on the offensive where required.
This is a five year strategy and effectively doubles the current spending on cyber defence.
The government claim it is making progress in cyber defence
e.g.1. where it used to take a month to shut down a website spreading viruses it now can be done in 2 days
e.g.2 websites pretending to be government departments can be shut down in hours where it used to take days.
Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.