December 11, 2022
Article by Lauren Bryant
Cyber security is the application of processes and technologies designed to protect networks, devices, and critical systems from internal and external threats. This reduces the risk of cyber-attacks. In the digital age, mobile phones, computers and the internet are fundamental parts of modern life, and it is more important than ever to implement the necessary steps to prevent cyber criminals from obtaining data and sensitive information.
Cyber Attacks and data breaches in 2022
Advanced NHS Cyber Attack:
On the morning of 4 August, the NHS experienced a ransomware attack on one of its health and care software suppliers, Advanced, in which hackers successfully obtained and extracted client data. In a ransomware attack, a group gains access to an entity’s computer system via email “phishing” or virtual private networks. A piece of malware, in this case Lockbit 3.0, is then deployed to encrypt the system. The products impacted included Adastra, which aids 111 call handlers in dispatching ambulances; Caresys, which is utilised in care homes; Carenotes, which is used by mental health trusts for patient records; and Crosscare, which helps run hospices.
As a result of this, the Oxford Health NHS foundation trust’s chief executive, Dr Nick Broughton, stated, “We have now been advised that we should prepare for a system outage”. Advanced hinted in a statement that contingency plans would have to be in place “for at least three to four more weeks”, demonstrating the impact of the attack. Significantly, some trusts were left without access to key software for over two months. The attack’s disruption of NHS services, including 36 mental health trusts, demonstrates the increased risk of online databases potentially leaking crucial information.
Going forward, Advanced reported that they will now be “required to satisfy an assurance process set forth by our partners at the National Cyber Security Centre, NHS, and NHS Digital.”
Russian Hacktivists Attack US Airport Websites:
In October 2022, the pro-Russian hacker group, KillNet, took responsibility for attacking more than a dozen US airport websites, flooding servers with phoney internet traffic and forcing websites offline. The group is best known for carrying out DDoS (distributed denial-of-service) attacks on government institutions in reaction to the Russian invasion of Ukraine. Given that there was no serious impact on airport operations, experts concluded that KillNet’s main aim was to gain media attention. Security expert Kevin Beaumont stated, “A reminder to media that KillNet is [a] bunch of kids, not Russian state cyber capabilities.”
Yet, according to Senator Rosen, the attack “is indicative of a broader trend of cyber attacks on American transportation infrastructure, which are escalating in frequency and severity”. The senator continued, “While, reportedly, this incident did not directly impact airport operations, I am concerned that our nation’s aviation ecosystem remains vulnerable to debilitating cyber attacks… This vulnerability potentially threatens the smooth operation of an air travel system key to tourism-dependent economies across the country”.
To minimise future risk, the FBI advised all Critical National Infrastructure (CNI) firms to enrol in DDoS mitigation services, to cooperate with ISPs (Internet Service Providers) and formulate a disaster recovery plan.
Major Types of Cyber Security
- Network security refers to the protection of computer networks from both internal and external threats, utilising various processes to prevent malware and data breaches. The most important layer in securing the network is the firewall, which blocks or allows traffic to a site based on security settings.
- Most people use storage platforms like Microsoft OneDrive, Apple iCloud, and Google Drive. Cloud security allows these systems, and the large amounts of data stored on them, to remain protected.
- Application security involves protecting sensitive information within apps, thus preventing unauthorised access or modification. This can involve two-step authentication and other measures to confirm the user’s identity.
Major Types of Cyber Security Threats
- Malware is designed to help hackers gain unauthorised access. Different types include ransomware, viruses, worms and Trojans. Anti-virus software and several layers of protection, like changing passwords or additional authentication, can make it far more difficult for hackers to gain access to digital assets.
- Phishing is the most common form of social engineering, which involves sending fake messages to people within a company. This can be avoided through the use of corporate emails and spam folders, but also by educating employees.
- Man-in-the-Middle (MITM) attacks occur when the hacker inserts themselves into an information relay process, such as a user logging into an account or a device connecting to a network. Such attacks could be prevented by avoiding public Wi-Fi networks or those that don’t require login details.
Cyber Security Legislation
At the beginning of 2022, the UK government began proposing new laws to strengthen British businesses’ cyber security, following a number of high-profile attacks. Firms providing essential digital services must follow cyber security duties, or they’ll receive large fines for non-compliance. Other proposals include the improvement of incident reporting, as well as making legislation more flexible in order to keep up with technological change.
As part of its new £2.6 billion National Cyber Strategy, the government plans to utilise cyber power, which both protects and promotes national interest through its use of “cyberspace”, a digital medium allowing communication across worldwide computer subnetworks.
The amended Product Security and Telecommunications Infrastructure Bill (PSTI), introduced to the House of Commons on 11 May 2022, will force firms to be honest with their consumers about the steps taken to fix security flaws, and will also ban universal default passwords.
Minister of Media, Data and Digital Infrastructure, Julia Lopez, said, “Most of us assume if a product is for sale, it’s safe and secure. Yet many are not, putting too many of us at risk of fraud and theft.”
“Our Bill will put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who fall foul of tough new security standards.”
The Future of Cyber Security
By 2025, 60% of businesses will consider cyber security risk as a determinant when carrying out third-party collaboration and transactions. American consulting firm, Frost & Sullivan, suggests that in the next 8 years, there will be a complex network of 200 billion devices, averaging 20 devices per person. With an ever-growing, heightened risk of cyber attacks, it’s imperative that those in power budget for higher spending on cyber security.