The war on cyber-crime: every organisation can have a Snowden

Such is the scale of attacks in recent years that the UK government launched its very own National Cyber Security Centre (NCSC) in 2016. The NCSC replaced the old information security arm of the Government Communications Headquarters. In February this year, the Chancellor of the Exchequer, Philip Hammond, announced a whopping £1.9bn investment and an initiative to embed 100 experts into the NCSC in an attempt to stem the flow of cyber-attacks. The Chancellor noted that: “The cyber-attacks we are seeing are increasing in their frequency, their severity, and their sophistication,” giving an idea of how destructive these attacks can be.

The field of cyber-security is enormous and there are more ways than you might think for others to get access to your data or system. Mundane tasks such as locking your PC and regularly updating your OS and the programs/applications installed on your devices can help reduce the risk of a breach. Since the infamous and at times vilified Anonymous and WikiLeaks came along and showed people that nobody’s online presence is secure, there has been an underlying fear factor amongst the public. Some of these fears are duly warranted; others are based upon completely fabricated claims designed to achieve nothing more than scare-mongering.

Which leads us to one of the biggest myths going: ‘Only big businesses and important persons are targets for cyber-attacks’. If you have this sort of mindset, then your business and personal data are at enormous risk. In 2015, a UK government report stated that 74% of SMEs reported a security breach in the past year. This number is going to continue to rise and so will the destruction left in its trail. Forbes estimate that by 2019, the complications of cyber-crime will soar to $2 trillion! Two trillion dollars. That is a totally obscene figure, and how we got to this stage in the first place is just as ridiculous.

GDPR is a regulation being introduced as European law which will see organisations incur a fine of up to 20m Euros should they be subject to a data breach. Harsh? Not really, considering we, the public, put our trust and at times money into these organisations with the belief that our confidential information is safe. It’s a large fee, yes, but in reality, it’s a drop in the ocean in comparison to the $2 trillion reward for cyber-criminals. It’s been a topic of great discussion, especially given the increased reporting on data breaches affecting big companies including Sony PlayStation, LinkedIn, Yahoo and TalkTalk.

But data-breaches aren’t always due to faulty hardware/software or leaving a hole open for hackers to exploit. Social engineering and the human ‘factor’ are major contributors. Edward Snowden is one such example of a man who walked out of one of the most secure places in the world with a plethora of top secret, classified data. Snowden exposed the National Security Agency’s (NSA) global surveillance programs. Or global spying programs as some might prefer to call them, depending on which side of the coin you’re looking at it from. Whether he was a hero or a traitor or a peacekeeper is all relative; the fact is that one man managed to expose all this information, just by downloading the data onto an external hard drive.

When it comes to cyber-security, prevention is the best cure. Stopping it before it happens is key. That’s why, going back to my earlier point, governance and regular patching are so important for your systems. As is employee training and awareness. However, it’s impossible to expect every employee to be a trained specialist in dealing with cyber-security and the risks, which is why you must make it easier for them by introducing governance tactics for prevention: making it more difficult for them to send a classified document to external contacts, making it easier for them to dispose of confidential information, and using BitLocker to make it more challenging for anyone to access their devices. Snowden may or may not be a true peace patriot, but either way, it’s imperative to ensure your organisation isn’t left with the same level of exposure.
