With technology now prevalent in all areas of life, security of devices should be encouraged in the same way as physical security. Hannah Khoo, business engagement officer at London Digital Security Centre, explains why.
The pace of growth in businesses using tech, and the tech itself, is rapidly increasing. Businesses of all sizes are increasingly reliant on the digital world to operate. This has resulted in innovative businesses seizing new opportunities that the digital world presents but sometimes the pace of change has not incorporated sufficient security. For businesses to survive and grow in the 21st century, embracing the digital age is essential; however, as more and more aspects of life and business move online, the impact of breaches and hacks increases exponentially. WannaCry, Petya and Bad Rabbit are the latest examples of mass incidents crippling organisations of all sizes, and it won’t stop there.
With this in mind, the London Digital Security Centre was set up. This not-for-profit organisation was founded by the Mayor of London, the Metropolitan Police Service (MPS) and the City of London Police (CoLP). The Centre works in partnership with private industry and academia to help businesses, primarily small and medium sized businesses, to embrace digital innovations and operate in a secure online environment.
The first step in achieving this is to encourage SMEs to reflect on how much of their business is reliant on technology. Tech in the office is now standard procedure, whether it’s to check emails, receive a payment, scan a document or take a conference call. The second step is to consider the security of that technology. Security of devices should be encouraged in the same way as physical security, and should be as customary as locking front doors, using shutters and closing windows. Simple, routine security measures can make devices less likely to be a target in the same way that locking windows, security guards, alarms and restricted pass access make premises less likely to be burgled.
A lack of security on devices allows the cyber criminal the opportunity to commit crime across the company’s network. The likes of WannaCry, Petya and Bad Rabbit caused chaos to those affected. Ransomware has a way of controlling the fate of your data until you pay a fee. These exploits were achievable simply because of out-of-date software, people clicking on links and poor digital health. Although these attacks had flaws and limitations, they demonstrate the capabilities of cyber criminals.
In addition to ransomware, new vulnerabilities have recently come to light. Meltdown and Spectre are affecting devices on a global scale, while KRACK renders data transmitted across Wi-Fi susceptible to interception. All three are providing opportunities for cyber criminals to steal data.
An organisation that has suffered a cyber attack could experience profit loss, disruption of service, compromised data, reputational damage and much more. For some organisations this could be difficult to bounce back from, taking years to recover from the ripple effect.
Of all the businesses the London Digital Security Centre has engaged with, 62 per cent process personal information, 49 per cent have out-of-date operating systems and 22 per cent do not have antivirus. With this information, it’s clear that devices lack the basic measures that can help to mitigate ransomware and fix vulnerabilities. Even after the aforementioned attacks, and despite the advice provided by organisations such as the National Cyber Security Centre (NCSC), statistics of SMEs in January 2018 showed that 71 per cent process personal information, 24 per cent have out-of-date operating systems on their network and four per cent do not have antivirus on their devices.
Up-to-date operating systems mean that patches will be in place to help fix the vulnerabilities that have been exposed, such as Meltdown and Spectre. Manufacturers do not release patches for operating systems that are too out of date, leaving them unprotected. Additionally, with out-of-date operating systems the chances of falling victim to ransomware increase, as adversaries take advantage of unprotected systems to find a way in. Similarly, antivirus is a vital element in keeping data safe, as it will scan for known threats. It needs to be updated regularly for it to identify and safely remove any installation of the recent releases of malware.
Simple fixes and changes of habit are easy steps to take to prevent unauthorised network access and should be routinely reinforced. Many of the basic standards cost nothing at all: clicking a button in the settings, updating software, being mindful when browsing online, having secure passwords, changing default passwords, limiting access to data, etc. Security increases the more time and effort is invested in it, much like adding an alarm or a security guard to a door. This doesn’t guarantee immunity to attacks; it simply means that someone else without security measures is a more appealing target. Increasing awareness through training and taking advantage of the services and information provided by organisations (such as the NCSC, the Information Commissioner’s Office and the London Digital Security Centre) will improve your cyber security posture. Now with the General Data Protection Regulation on its way, it has become even more imperative that organisations take cyber security seriously, as the consequences could cost more than there is available to spend.
In essence, more vulnerabilities are being exposed and new attack methods are being created every day. It is important for businesses to stay ahead of the cyber criminals and remain alert when new vulnerabilities come to light. Take control of digital security: sign up for free and become a member of the London Digital Security Centre. Businesses across London can benefit from an assessment of their current security posture against the government’s Cyber Essentials framework. Each member is provided with a detailed report showing how the implementation of simple changes can reduce vulnerability to cyber crime. There are also free online training tools to help improve skills and knowledge, as well as masterclasses to give members an opportunity to find out more about what can be done to enhance security posture. Stay ahead of the cyber criminals by embracing cyber security.