After a spate of cyber security attacks, namely computer hackers exploiting systems to access a company’s data, the Government is urging us to put systems into place to protect our valuable information. Here, RAPRA’s Wendi Beamson explains more.
With the onslaught of digital technologies, including cloud-based and integrated systems, we are getting more and more used to uploading and accessing data and information to and from a virtual world.
This brings with it a great many benefits, with many thought leaders believing the future success of manufacturing relies on the adoption of ‘Industry 4.0’, namely the connections between people, information and objects, and the rapid advances in technology it will bring for process and product improvement. In addition, the UK has positively adopted cyberspace as a means of doing business, with card transactions and WiFi and Internet access on the up.
However, despite the obvious advantages of computer-based technology, there are downfalls in using systems that are open to hackers, i.e. those individuals who use computers to gain unauthorised access to data, and both the Government and other organisations are urging companies to be proactive when it comes to cyber security.
Stephen Wright, General Manager of the National Cyber Skills Centre, said the term “Cyber Security” is much misunderstood. “It implies complexity and suggests it is an issue with just technical solutions, for example, an IT issue.” However, he insists that for most organisations, protecting important information needn’t be unnecessarily complex, but needs to be understood.
“The basics will go a long way to providing a good level of protection for most organisations – the complexity on top of that depends on who you are and what you have that someone would want,” he explained.
Very briefly, attackers are after identities, customer lists, supplier lists, banking details, ways into other systems through yours, intellectual property, payroll data, and use of your computers to attack others. Once details of how to get into your systems are sold on, multiple attackers might use them for different purposes.
Simplistically speaking, there are targeted attacks and opportunistic attacks. The opportunistic attackers often use clusters of computers with information harvested from many sources and using complex algorithms to try to gain access, targeting long lists of companies. Information from a successful breach is then often bundled and sold on the thriving black market.
The good news is that if a system’s defence foils the attack, the hackers unemotionally move on to the next one on the list. The bad news is that hackers across the world are putting increasingly sophisticated tools into play to work through the lists time and time again.
You can monitor these attacks, but most people don’t, in fact it is quite common for an organisation not to even know that it has been breached by a successful attack for many months. Interestingly though, it is often through exploiting the mistakes made by the individuals using the systems, than a fault with the actual technology, which allows hackers to gain access.
In light of this, the UK Government has stepped up with an initiative known as “Cyber Essentials” which is five key things that should be put in place to give basic protection. It’s mainly relatively simple configuration of a company’s systems. On top of that, it suggests making yourself and your employees aware of how attacks happen, as well as how to avoid them, to significantly reduce risk.
For further information, visit the resources section of the National Cyber Skills Centre: http://www.cyberskillscentre.com/resources/