Cyber-security incidents are at large, and everybody knows it. Data breaches are now a daily occurrence and threaten both businesses and individuals. But just how many people do these incidents affect, where do the hackers come from, and what should I look out for to prevent a cyber-security attack on my device?
Serviceteam IT’s Beyond the Cloud: UK Technology Research 2018 in partnership with Doogheno, 50% of respondents reported an increase in cyber-security incidents in the last 12 months. This reflects the government’s national survey whereby 43% of businesses experienced a breach or attack in the last calendar year. In Serviceteam IT’s 2017 research, 34% of respondents reported an increase in cyber-security incidents in the last 12 months. Therefore, cyber-security incidents have increased by around 15% in one year.
What individuals have said
According to Serviceteam IT’s research, Russia and China are the main sources of attack. Although this is unsurprising, other unexpected sources included South America and South Africa. These locations have not been presented in the media demonstrating the location of cyber-security sources is expanding. As John Noble, a Director of Incident Management NCSC comments “This increase in major attacks is mainly being driven by the fact that cyber-attack tools are becoming more readily available, in combination with a growing willingness to use them,”. The technique to hacking however according to respondents consistently seems to be phishing.
Phishing is a fraudulent attempt by an attacker masquerading as a reputable organisation to try to obtain financial or other confidential information. This is typically via email but can be through other communication channels.
However, it is not just phishing that individuals need to worry about. Spearphishing is another fraudulent practice via emails; yet it is disguised as a known or trusted sender. This is a further method to induce individuals to reveal sensitive data. American network technology Ubiquiti Networks Inc lost $46.7 million from spearphishing emails. This was through employee impersonation and fraudulent requests to the finance department.
So, are cyber-security attacks becoming more sophisticated or is IT security in the UK inadequate?
Not just in the news…
The biggest cyber-security incident to date was Yahoo between 2013-14 which impacted 3 billion user accounts. However, there have been huge cyber-security hacks in 2018 too. In July of this year, Timehop harnessed a breach of 21 million people, including email addresses, names and “keys” for previous posts to be taken.
However, these attacks are not all newsworthy. It is estimated just in June 2018, there were 145,942,680 records leaked. This is from individuals to businesses and charities to government bodies.
Reason for these results
With the GDPR regulation in force in May of this year (I’m sure that you have read enough about this and you would prefer to be spared the details) and the new cyber-security centre in London, you wonder where Serviceteam IT’s and the government national figures have come from. Cyber-security is clearly a British government priority. The first £13.5 million cyber innovation centre in the Queen Elizabeth Olympic Park was set to help secure UK’s position as a global leader for cyber-security.
This is mainly because it is almost impossible to keep up with all the new tech hackers are using. There are now services where it is possible to pay someone to hack into an account, or if you buy a certain app and install it, this will hack a server. It is hard to keep up. This is especially so as it is virtually possible to hack anything.
The typical Hollywood portrayal of a teen hacker in their bedroom is not the case. It is criminal gangs, office buildings and governments with money who are carrying out these threats. Just look at Donald Trump siding with Vladimir Putin against his own Intelligence agency; you don’t have to look far. The industry is worth a fortune. However, globally only around one phishing gang is caught per year. In March this year it was the head of the organised crime gang located in Spain who ran the Carbanak and Cobalt malware campaigns. This gang targets banks and is suspected of stealing £870 million.
What can be done?
Cyber-security hacks will happen to every business or individual and range from opportunistic attacks to sophisticated and targeted attacks. However, cyber-security may seem unimageable. In fact, it is not.
However, what can be implemented is good practice. Tracing the source of an invoice, regularly carrying out risk assessments and continuously educating yourself and others about the seriousness of a cyber-security breach, yet how the risk can be reduced with training. Read the news for the most recent cyber-security hacking techniques and do not be naïve or believe that it will not happen to you. If you are a business, it is also a good idea to regularly carry out your own cyber-security checks and infiltration drills in your data centres.
Risk management techniques include component-driven risk management and system-driven risk management. Threats can be mitigated but it is up to you to be proactive.