By Bruce Skinner, CEO, Alto
HEARING cybersecurity described as: “a game of chess and no longer a war” recently resonated with me in many ways, not least because organisations have to stop working out their defence and start devising their strategy.
The topic of cybersecurity was to the fore in the media again last week, when the Scottish Environment Protection Agency (SEPA) published a series of independent audits carried out in the wake of a cyberattack which was launched against it in late 2020. These reports found that the attack was: “likely by international serious organised criminals” and that it: “displayed significant stealth and malicious sophistication with a secondary and deliberate attempt to compromise SEPA systems as the team endeavoured to recover and restore back-ups.” And this for an organisation which had already been identified as: “not a poorly protected organisation.” For the many organisations which are poorly protected, it will make for uncomfortable and worrying reading.
The fight against cybercrime is relentless and the increasing amounts of technology we use to run our businesses generate and gather increasing volumes of data, thus increasing the likelihood of attack. In a nutshell, it quickly becomes a matter of when and not if an attack will happen to your business or your supply chain. Indeed, the head of UK spy agency GCHQ, Jeremy Fleming, was recently quoted as saying that the number of ransomware attacks on British institutions has doubled in the last year. Whilst he wouldn’t be drawn on the exact number, data from the US Treasury gives us a sense of the magnitude of the problem – ransomware-related transactions for the first half of 2021 stood at a staggering $590 million.
So, with the stakes so high, it’s little wonder that the unscrupulous hackers are using every weapon in their arsenal, and rapidly devising new ones, to keep up the attack and try to infiltrate any system where they might find valuable data that could be turned into cash. And it’s not just individual businesses at risk anymore because hackers know that, if they can break into a Managed Service and Security Provider (MSSP), they potentially unlock a treasure chest of ill-gotten data.
Just as the sophistication ramps up, so too does the number of methods deployed in the online battlefield but email systems remain the most common method of entry. Some are weapons many of us have heard of such as hacking (where people or automated systems try to access a system by any means possible) and phishing (sending deceptive emails which aim to lure the recipient into divulging data for the hacker to use). Others include ransomware attacks such as the one SEPA experienced; data breaches or identity theft, cases of which have risen by a reported 160% since 2019; and malware (malicious software) which is designed to disrupt, damage or spy on a system to build up a picture of a person’s habits or online activity.
To find out more and to use our cybersecurity gap analysis tool, visit www.itsalto.com