Cyber security – why bother?
Cyber security – why bother?
Most people’s perception of cyber-attacks are either of someone in a darkened room trying to take down web sites, or countries attempting to break into other countries’ secure data storage.
The truth is, both things are happening, and much more besides.
The more the internet and the cloud spreads into our lives, the more we put our trust in technology, the more we put our data ‘out there’.
Whether it’s emails, holiday photos on social media, on-line shopping, internet banking or electronic prescription renewal or even our DNA profile – all of this is data that might be useful to someone and will contain some personal information. It is this personal information that people will pay for. Online passwords, username, credit card details are all fair game for cyber criminals. Be it an individual, or a crime ‘gang’ or even a country or state, this ‘treasure’ is valuable to them and they will not stop trying to obtain it.
These attempts, or cyber-attacks, range from social engineering (the scam phone call), through phishing (the ‘You’ve won the lottery - please click the link below …’ type email) to malware infections (on personal or organisational systems), through Denial of Service (DoS) attempts, through to hacking attempts on servers and central systems.
The recent WannaCry ransom attack shows the havoc these kinds of attacks can cause and shows why a good knowledge of Cyber Security, threat vectors and the threat landscape is important.
Every week there are stories of how some system or company, or organisation has had a data breach - how thousands, or even millions, of people’s personal data has been stolen or leaked.
In 2014, the details of 145,000,000 people were copied from eBay. In 2017, at Dixons Carphone the personal information of 10,000,000 people was stolen. In Nov 2018, passwords and passport details of a total of 383,000,000 were stolen via an external hack from Marriot Hotels. To put that into perspective, that’s more than the population of the USA!
These personal details have been offered for sale on the Dark Web.
It’s not just ‘criminals’, the systems themselves can be at fault. In 2018, Twitter urged its 330,000,000 users to change their passwords after a glitch caused some passwords to be stored in plain text.
It is therefore vital that we as individuals, businesses, organisations and states/countries follow some form of secure procedure and that guidelines are developed AND FOLLOWED to protect data.
These standards need to include everything that handles, stores and processes data, be it networks, devices, software, services and of course users – for no matter how secure the environment is made, a mistake by anyone can leave the data vulnerable to attack.
We all need to be vigilant. We all need to be careful. Security is everyone’s responsibility, whether for our own security, or that the businesses we interact with.
“Security is for life, not just for crisis” Colin Topping CISSO, CISM
By Rob Shaw, Senior Lecturer in Cyber Security at Staffordshire University
By Neil Coshan
• Staffordshire University