As I See It
Cybercrime: time to stop hiding heads in sand
It didn’t take long for somebody to put the onus on the government in response to last week’s cyber attack on telecoms firm TalkTalk. The Institute of Directors said it was one of the biggest threats facing businesses and called for “urgent action”. If this was a little predictable, it was also missing the target.
It’s not a lack of government advice, but a lack of action by companies that lies at the heart of the problem. As the author of a novel which has cybercrime as one of its themes, my research led me to numerous initiatives and top-level meetings aimed at tackling this issue.
The Government’s Cyber Essentials scheme, for example, provides a range of basic measures for enterprises of all sizes to follow to ensure they take cyber security seriously and are able to defend themselves against the majority of threats.
What the IoD should be doing is advising its members to take heed of these warnings and follow the advice that is available, not just from government but from those working in the private sector. Tackling cybercrime has become an industry itself and there is no shortage of experts willing to tell businesses what they should be doing.
This is another case of leading a horse to water. In spite of the information available, businesses too readily refuse to drink. It’s a “distraction” from their day-to-day business. The attack on TalkTalk shows how day-to-day business suddenly turns into managing a crisis. Its shares crashed and it has a huge PR, marketing and investor relations task ahead to restore confidence among customers and shareholders to ensure this does not develop into something worse.
It is astonishing that a company of TalkTalk’s size seems not to have heeded some of the basics that will be outlined in the government advice, including an apparent failure to encrypt data in its IT system. More astonishing, perhaps, is that the CEO, Dido Harding, admitted she didn’t actually know if it was encrypted.
Making matters worse is that this was the third hacker attack on this company this year. Had it not learned anything from the earlier incidents?
There is also some irony that this is a company working in the telecoms industry, which you would think had some idea of how hackers use the worldwide telecoms network to attack their victims.
Experts say companies fail to upgrade IT systems as part of cost-cutting measures, and too many rely on the simplest of security measures such as user names and passwords. Some experts believe passwords are now outdated and that the hackers have worked out how to bypass them.
This latest incident was conducted as a distributed denial of service (DDoS) attack. These are quite common and are becoming a growing problem within the wider cybercrime phenomenon, which is now regarded as a new type of global warfare.
The Office for National Statistics now includes cyber crimes in its crime figures and recent data has revealed that cyber crime has officially become the UK’s most common offence. The actual figures are widely believed to be much higher than those reported, partly because firms are reluctant to reveal they have been attacked for fear of scaring away customers and investors.
The development of social media, which has the capacity to spread bad news quickly, has made companies even more nervous of admitting their systems have been breached.
What is undeniable is that the global cost of cyber crime surpassed that of the drug industry back in 2011. It is becoming a focus for organised crime rings as well as terrorists and, as suggested by the TalkTalk ransom note, blackmailers.
And, yes, these issues form part of the plot in my novel (shameless plug) which was researched from 2012 to 2014. The information and the trends in cybercrime have been well known for some time. Nobody can say they have not been warned.