Page 24 - PWM_OCTOBER 2021 EBook
P. 24
BETTER BUSINESS
Terminating
cyber attacks
With more people working from home than ever
before, the threat from malicious hackers has
increased exponentially, so how do you protect
your business? by Adam Bernstein
yber-attacks are in the news £13,400.
again. First seen in 1972
when a researcher working Defining a cyberattack
in the US on Arpanet, a pre- So, what is a cyberattack?
cursor to the internet, cre- According to Dai Davis, solicitor,
Cated a computer program chartered engineer and partner at
called Creeper that could move across Percy Crow Davis & Co, the
Arpanet’s network, it left a bread- Wikipedia definition, of “any attempt
crumb trail wherever it went which to expose, alter, disable, destroy, steal
read: ‘I’m the creeper, catch me if you or gain information through unau-
can’. thorised access to or make unauthor-
But now the intrusions are more ised use of an asset… that is a
insidious. In May, Colonial Pipeline – computer information system, com-
which operates a pipeline that carries puter infrastructure, computer net-
around 3 million barrels of fuel a day work, or personal computer device,”
between Texas and New York – was is one that he agrees with.
the subject of a ransomware cyberat- He says that it “matches the broad
tack that shut its systems down for definition of an offence under section
five days leaving the East Coast short 1 of the Computer Misuse Act 1990
of fuel. A few days later, at the start of which criminalises any action that
June, the world’s largest meat proces- ‘causes a computer to perform any
sor, JBS, was also attacked by ransom- function with intent to secure access
ware and its operations in Australia, to any program or data held in any they have been breached, and those who don’t yet know.” But as to where
Canada and the US were halted. computer where that access is unau- the threats originate, Davis says that some are performed by ‘script kiddies’
While big corporations garner the thorised”. “who try and hack into a system for fun. They are mostly out to hack well-
most column inches, no business or Roy Isbell, a cyber security special- known sites, or ones that will give them some ‘prestige’”. He adds that non-
organisation should think itself ist and advisor to the UK Forensic monetary sites include those that attract opposition, such as the sites of
immune. And for the world of print, Science Regulator, agrees with Davis. political parties.
there was the attack in March of this He defines a cyberattack as “funda- Isbell takes a similar line but has seen “some operate in a more random
year on the MBA Group. The com- mentally the interaction of a threat fashion” as they look to prove their skills or develop tools in order to raise
pany reported that it had been actor with a particular system with their profile within the hacking communities.
“impacted by a cyberattack, which the intention of achieving a particular For the criminally minded, making money is always the goal and they
caused some operational disruption outcome”. attack anything where it pays them to do so. “They may,” says Davis,
to our systems and a small proportion Of course, how the attack mani- “adopt a scattergun approach, sending out millions of scam emails in the
of our client work”. The firm’s opera- fests itself is dependent upon the out- expectation that only a few people will fall for the scam, alternatively they
tions were disrupted for more than a come that the threat actor is hoping may target a particular ‘rich’ target but in a more subtle, considered man-
week as a result of the attack. to achieve, the level and type of access ner.”
The problem is acute according to that they have been able to create, and Of course, at the extreme, states such as China, Russia and North Korea
the Cyber Security Breaches Survey the skills and tools available to the attack companies to steal technology.
2021 from the Department of threat actor. Worryingly, as Isbell points out, Covid-19 has altered the landscape some-
Digital, Culture, Media & Sport. It Nevertheless, he’s aware that many what because “we now have a more distributed business model with
found that 39% of businesses were believe that ‘cyber’ is just an alterna- employees working from home, often on shared networks with only limited
subjected to a cyberattack or breach tive word for the internet and devices security implemented”. He has seen a significant increase in attacks
in a 12-month period and 21% lost that are connected to it. While this directed at organisations directly involved in dealing with the pandemic or
money, data or other assets. Further, may be true, he says “that this is not involved in vaccine research.
the average cost of the cyber security the whole scope of what the cyber Making a similar point, Davis has found that any newsworthy topic may
breaches these businesses experi- environment covers”. be used to persuade a staff member or individual to click on a link that will
enced was estimated to be £8,460. Davis recalls an old information take them to a compromised website. “In that sense, the pandemic is no dif-
For medium and large firms com- technology saying: “There are two ferent and has given malicious actors opportunity to create appealing false
bined, the average cost was higher, at types of business: those who know links, for example, with offers of having an early vaccination.”
24 PrintWeek MENA October 2021 www.printweekmena.com
