Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.
More
Home Opinion

We all need to prepare for online attacks and realise we’ll never outsmart cybercriminals

By John Isaacs
Cyberattacks are becoming increasingly common and we must get ahead of them rather than picking up the pieces, writes Dr John Isaacs
Cyberattacks are becoming increasingly common and we must get ahead of them rather than picking up the pieces, writes Dr John Isaacs

Almost daily across every news organisation, often well below the main headlines, you are likely to come across details of the latest cyberattack.

Terms like “ransomware” and “data breach” are used to describe the often catastrophic impact on the target.

Dr John Isaacs

While cyberattacks may seem like something that only happens to large enterprises, it can impact a whole range of businesses, public bodies, education providers, charities and individuals.

Across the globe, there is a continued rise in online criminality and general security concerns. These have become particularly prominent during the pandemic.

Over the last 18 months, organisations have adapted to the “new normal” of working from home and there has been a growing reliance on the internet to provide services or carry out business.

Many companies are rapidly undergoing a digital transformation to adapt to this new way of working. This rapid move online can expose them to vulnerabilities or attacks, especially if cyber security aspects are not considered.

Cyberattacks we hear about are just the tip of the iceberg

The attacks and breaches that we do hear about are just the tip of the iceberg, belying a secret digital war constantly being waged between organisations and a range of anonymous attackers.

Due to the desire for secrecy among both victims and perpetrators, it is hard to know the true scale of cybercrime

Most attacks remain unpublicised for security and reputational reasons. While UK Government figures indicate that one in 10 companies have experienced some form of attack in the last 12 months, even these statistics could be underestimating the problem. Due to the desire for secrecy among both victims and perpetrators, it is hard to know the true scale of cybercrime.

We do know, however, that it is becoming more prevalent. There has been significant rise in ransomware-type attacks in the last few years.

 

Ransomware is sophisticated computer code that prevents users, or an entire organisation, from accessing their systems or data and demands a payment for access. Often the ransomware collects sensitive data and directs this back to the perpetrators as leverage in blackmail. The impact on the groups targeted is enormous.

Criminals target digital weakness

This month, a cyberattack on a US fuel pipeline company Colonial Pipeline caused a reduction in oil supply across America’s east coast. The drop in supply caused a rise in consumer petrol pump prices, sparking a crisis during a period of economic recovery.

Last week, the Irish health service (HSE) suffered a digital attack, described as the most significant in the state’s history. It resulted in cancellations of appointments and outpatient services.

A cyberattack target won’t have actually been selected by anyone – at least not anyone human

Closer to home, Scotland’s Environmental Protection Agency suffered a similar ransomware attack in December. It affected a range of systems and shut critical operations for a considerable time.

The thing about these attacks is that the target won’t have actually been selected by anyone – at least not anyone human. In the vast majority of cases, the attacks are the result of a vulnerability in a piece of software, a network or information security policy.

Let’s get ahead of attacks

One of the factors that make cybercriminal groups so dangerous and successful is their ability to adapt and grow. Cybercriminals and the tools they use are adept at finding new vulnerabilities to exploit. This underscores the importance of being able to foresee and anticipate potential threats and strengthen an organisation’s cyber defence.

Organisations must invest in cyber security in order to protect their reputation and finances

Often cyber security experts are brought into a company after an attack or breach has happened. This is important, as it does provide a picture of what has happened and help identify the vulnerability.

Wouldn’t it be better, though, if the organisation was protected in the first place?

We need more cyber security experts

To do this, companies need access to staff with key skills and training in cyber security. However, there is a gap in the demand and supply of people with these skills across Scotland. Encouraging young people into cyber security roles, creating apprenticeships and upskilling for existing staff is vital.

RGU’s new Graduate Apprenticeship course in cyber security provides students with the skills required to become competent in this growing, fast-paced sector.

Our cyber security Masters course was recently accredited by the National Cyber Security Centre – a part of the UK Government Communications Headquarters (GCHQ). GCHQ themselves have highlighted the importance of taking a national approach to cybersecurity, calling it “an increasingly strategic issue”.

All organisations must embed highly trained and skilled cybersecurity experts within their workforce, not only to protect their IT infrastructure but also for the sake of their reputation and finances.

Dr John Isaacs is Head of the School of Computing at Robert Gordon University