Article by Lauren Bryant
Cyber security is the application of processes and technologies designed to protect networks, devices, and critical systems from internal and external threats. This reduces the risk of cyber-attacks. In the digital age, mobile phones, computers and the internet are fundamental parts of modern life, and it is more important than ever to implement the necessary steps to prevent cyber criminals from obtaining data and sensitive information.
On the morning of 4 August, the NHS experienced a ransomware attack on one of its health and care software suppliers, Advanced, in which hackers successfully obtained and extracted client data. In a ransomware attack, a group gains access to an entity’s computer system via email “phishing” or virtual private networks. A piece of malware, in this case Lockbit 3.0, is then deployed to encrypt the system. Those impacted included Adastra, which aids 111 call handlers in dispatching ambulances; Caresys, which is utilised in care homes; Carenotes, which is used by mental health trusts for patient records; and Crosscare, which helps run hospices.
As a result of this, the Oxford Health NHS Foundation Trust’s chief executive, Dr Nick Broughton, stated, “We have now been advised that we should prepare for a system outage”. Advanced hinted in a statement that contingency plans would have to be in place “for at least three to four more weeks”, demonstrating the impact of the attack. Significantly, some trusts were left without access to key software for over two months. The attack’s disruption of NHS services, including 36 mental health trusts, demonstrates the increased risk of online databases potentially leaking crucial information.
Going forward, Advanced reported that they will now be “required to satisfy an assurance process set forth by our partners at the National Cyber Security Centre, NHS, and NHS Digital.”
In October 2022, the pro-Russian hacker group, KillNet, took responsibility for attacking more than a dozen US airport websites, flooding servers with phoney internet traffic and forcing websites offline. The group is best known for carrying out DDoS (distributed denial-of-service) attacks on government institutions in reaction to the Russian invasion of Ukraine. Given that there was no serious impact on airport operations, experts concluded that KillNet’s main aim was to gain media attention. Security expert Kevin Beaumont stated, “A reminder to media that KillNet is [a] bunch of kids, not Russian state cyber capabilities.”
Yet, according to Senator Rosen, the attack “is indicative of a broader trend of cyber attacks on American transportation infrastructure, which are escalating in frequency and severity”. The senator continued, “While, reportedly, this incident did not directly impact airport operations, I am concerned that our nation’s aviation ecosystem remains vulnerable to debilitating cyber attacks… This vulnerability potentially threatens the smooth operation of an air travel system key to tourism-dependent economies across the country”.
To minimise future risk, the FBI advised all Critical National Infrastructure (CNI) firms to enrol in DDoS mitigation services, to cooperate with ISPs (Internet Service Providers) and to formulate a disaster recovery plan.
At the beginning of 2022, the UK government began proposing new laws to strengthen British businesses’ cyber security, following a number of high-profile attacks. Firms providing essential digital services must follow cyber security duties, or they’ll receive large fines for non-compliance. Other proposals include the improvement of incident reporting, as well as making legislation more flexible in order to keep up with technological change.
As part of its new £2.6 billion National Cyber Strategy, the government plans to utilise cyber power, which both protects and promotes national interest through its use of “cyberspace”, a digital medium allowing communication across worldwide computer subnetworks.
The amended Product Security and Telecommunications Infrastructure Bill (PSTI), introduced to the House of Commons on 11 May 2022, will force firms to be honest with their consumers about the steps taken to fix security flaws, and will also ban universal default passwords.
Minister of Media, Data and Digital Infrastructure, Julia Lopez, said, “Most of us assume if a product is for sale, it’s safe and secure. Yet many are not, putting too many of us at risk of fraud and theft.”
“Our Bill will put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who fall foul of tough new security standards.”
By 2025, 60% of businesses will consider cyber security risk as a determinant when carrying out third-party collaboration and transactions. American consulting firm, Frost & Sullivan, suggests that in the next 8 years, there will be a complex network of 200 billion devices, averaging 20 devices per person. With an ever-growing, heightened risk of cyber attacks, it’s imperative that those in power budget for higher spending on cyber security.