Cybersecurity: insight into the world of the cyber criminals
It seems that the latest ransomware cyber attack has left no industry untouched as reports of disruption grow from banks, airports, advertising agencies and transport companies around the world.
But who is behind the attack? Who are the cyber criminals and what motivates them? This was the subject of an excellent talk on cybersecurity as part of the ICAS insights series in association with Investec Wealth & Investment. There will be more great insight into this topic at the ICAS Conference, in Edinburgh on 20 September.
A key point emphasised by speakers Tim Rawlins from NCC Group; Eamonn Keane from Police Scotland; and Mandy Haeburn-Little from the Scottish Business Resilience Centre was this:
If the data that your organisation holds is of value to your business, it is of value to cyber criminals.
Who are the cyber criminals?
The speakers explained that there are essentially five types of hacker:
- The hobbyist hacker’s motivation is the pride gained from successfully breaching an organisation’s IT security.
- The activist wishes to cause disruption to an organisation by attacking its IT systems and networks. Their motives are often a perceived hatred towards an organisation involved in activities which are against the activist’s beliefs. The activist wants to embarrass or publicly shame their target.
- Insiders are those within an organisation who hold a grudge against their employer and who wish to harm them through misuse of the corporate IT systems.
- Organised crime are in pursuit of money or data which can then be monetised.
- Nation states such as Russia, China, North Korea and Iran are suspected of hacking. The recent allegations that Russian state-sponsored hackers gained access to the US Democratic Party IT systems are germane here.
Attack points for hackers on IT systems
It was emphasised that an organisation needs a plan for cyber security. It is also vital to continuously update systems – older computer systems, “legacy systems”, are especially vulnerable to attack by hackers. The typical attack points for hackers are:
- The vulnerable points in a network of IT systems
- Connectivity to other systems e.g. those of a key supplier.
Common cybersecurity terms
Big data spying is when hackers (often those sponsored by a nation state) gather vast amounts of data for future analysis and sifting.
DDOS stands for “distributed denial of service”. A DDOS attack is an attempt by criminals to make an online service (such as a bank’s ATM cash machine network) unavailable to legitimate users by overwhelming it and flooding it with traffic from multiple sources (often using “bots” to generate the traffic).
Doxing is when criminals search online for information about key individuals within an organisation and then use it with malicious intent.
Malware is the name given to a class of software used by hackers and designed to cause damage and disruption to another computer system.
Phishing is when criminals send emails supposedly emanating from a respectable organisation to dupe the recipient into revealing personal information (such as passwords, credit card details, bank details etc).
Spear phishing is when hackers send emails to people to dupe them into divulging personal information, downloading a dangerous file (virus) or following a link to a malicious website.
Trojans are malware (see above) which disguise themselves as harmless or useful programs but will cause a variety of malicious effects including downloading dangerous programs, deleting files, sending files or providing control of the computer to the hacker.
Viruses are malware designed to cause some type of malicious activity on the victim computer. They may delete files, disable anti-virus software and prevent you from using your computer.
Cyber insecurity: how worried should we be about hackers, ransomware and cyberspies?
- The National Cyber Security Centre
- CiSP (Cyber Security Information Sharing Partnership) is a joint industry and government initiative established to exchange cyber threat information in real time in a secure, confidential and dynamic environment.
- Cyber Essentials is a government-based cyber security certification scheme that sets out a baseline of cyber security essentials for organisations in all sectors.