Analysing high-profile cyber security breaches
The impact and issues surrounding cyber security are becoming more apparent for organisations across the UK.
Figures released in the Cyber Security Breaches 2018 Survey – published by the Department for Digital, Culture, Media and Sport – indicate that 43% of businesses surveyed experienced a cyber security breach or attack in the last 12 months, while 19% of charities also fell victim to an attack or breach.
It will come as no surprise that the vast majority of companies and charities included in the survey indicate that they are heavily reliant on online services and see cybersecurity as a critical issue.
Amazingly, just under a third of businesses have a formal cyber security policy whilst only 30% of firms have appointed board members for cybersecurity.
Of those statistics, 48% of attacks were fraudulent emails directing users to fraudulent websites whilst 13% of attacks suffered by businesses were related to malware and ransomware attacks.
To that end, understanding the issues surrounding cybersecurity threats has never been more important. Here we have outlined some of the cyber security issues which have harmed UK businesses over the last few years.
Probably the most high-profile – and most damaging – ransomware attack in the UK was the NHS WannaCry attack in May 2017. Over a third of NHS trusts were disrupted in the attack, resulting in at least 19,000 NHS appointments being cancelled.
Whilst the attack was stopped, its fallout was very damaging, costing a total of £92m. Speaking at the time, former chairman of NHS Digital, Kingsley Manning, indicated that a failure to upgrade old computer systems at a local level within the NHS had contributed to the rapid spread of the malware, and blamed ‘a lack of focus, a lack of taking it seriously’ for individual NHS organisations' failure to keep up with cyber-security improvements.
It is fair to say that the high-profile nature of this attack set the precedent for bringing cyber security to the forefront of the public’s consciousness.
Yet businesses of all shapes and sizes are at risk of vicious ransomware attacks, as Steelite International, based in Stoke-on-Trent, discovered when hackers encrypted its servers in order to cause disruption to its payroll system.
Operating from a remote location outside the UK, a hacker exploited a weakness in the company’s IT system and started to encrypt files. Thankfully, though, the hacker did not scupper any back-up files, which enabled the Steelite IT team to build the server again, despite the hacker demanding 79 Bitcoins.
As a result of these high-profile ransomware attacks, it is fair to say that companies are now taking a more stringent approach to cyber security and putting measures in place to limit any potential damage.
Here, Darren Sanders assesses the impact of ransomware attacks.
Fee-paying schools were targeted in a phishing scam whereby fraudulent emails were sent from school systems to parents’ email addresses offering a 25% discount on fees if they paid via Bitcoin.
Not only did hackers send the fake email, but because they had accessed the personal email addresses of parents, the school had to contact the ICO under the new GDPR regulation. The emails, which included a host of grammatical and punctuation errors, were sent from the address of the school's bursar, who is responsible for fees. The ICO are investigating the issue.
Coinciding with this, Action Fraud received over 5,000 complaints regarding a highly convincing phishing email disguised as TV Licensing asking customers to update their financial details. The link in the emails directs users to a fake landing page used to retrieve full payment details, including account numbers and CV2 numbers.