'˜Chain of distrust' can protect firms from cyber criminals
COMPANIES and public sector organisations must create a 'chain of distrust' to protect themselves from potentially crippling cyber attacks, a major business event was told.
A seminar about the rise of ransomware - a type of malicious software designed to block access to a computer system until a “ransom” or sum of money is paid - heard that many firms needed to take tougher action to vet files and data that could have been sent by criminals.
Earlier this month, more than 300,000 computers in 150 countries were infected with the WannaCry “ransomware” virus after a cyber attack crippled organisations, government agencies and global companies.
The NHS was also badly affected. Some 47 trusts in England - including a number in Yorkshire - and 13 Scottish health boards were compromised when the virus targeted computers with outdated security.
The event was held at the Leeds head office of smart telecommunications business aql, whose CEO, Dr Adam Beaumont is the regional business champion for CiSP, the Cyber Information Sharing Partnership. CisP is a national initiative operated by CERT, the Computer Emergency Response Team, which is part of the Cabinet office.
One of the speakers, Thomas Chappelow, the director of Leeds-based Nimbox, a provider of cloud-based secure file collaboration and storage tools, said companies could make ransomware attacks pointless, by securing data in a chain of distrust. He said companies should never take for granted where a file has been.
Speaking afterwards, Stuart Hyde, the regional leader for CiSP, who was appointed by AQL, said there was every likelihood of further attacks, although not necessarily of the same type as the attack which hit the NHS.
He said: “It’s a call-out to say these types of attacks can occur and there are lots of things you can do to protect yourself.”
He encouraged people to use CiSP because the service is free and links businesses with Government.
He added: “We saw over the weekend just how valuable that was in helping NHS staff particularly understand what’s going on, share information and work together.”
When asked who he thought was behind the latest large scale ransomware attacks, Mr Hyde said: “You’ve heard today speculation that it could be anything from the North Koreans to a couple of thirteen year-olds in a bedroom, so I think it’s really unfair to put the blame anywhere yet until we’ve got a really good analysis of what’s gone on.
“It was definitely global; this wasn’t an attack specifically against the NHS. The way it was configured and operated possibly made it more vulnerable, but this was a global issue, and quite clearly global issues will impact on day to day services in all sectors. Attacks do take place in Yorkshire and the Humber, but luckily we’ve got quite a good level of skills to be able to tackle some of those.”
In 2015, a survey into cyber-crime which was supported by AQL found that on average, the typical business in Yorkshire and the Humber would fall victim to cyber crime once a year. This compares with an average rate of 2.3 “normal crimes” per business per year.
Dr Beaumont said: “If we are trying to drive growth through digital innovation, we are wasting our time, unless we get the fundamentals right..the fundamental building block is cyber security.”