This month our Information Security Officer, Graeme Wolfe, takes a look at some very high profile cyber-attacks on companies and institutions that took place recently.
Benjamin Franklin is credited with saying “There are only two things certain in life, death and taxes”. In our digital age, we could add cyber-attacks to that list of inevitabilities. It seems that every week the media coverage includes a CEO of a large organisation being interviewed over a breach of their security and the loss of customer records, reputation and, potentially, the whole business.
At the time this blog was written the VTech hack was exposed, where 6.4 million customer records were stolen. You’ll probably have heard about the most recent TalkTalk cyber-attack, where the personal data of 150,000+ customers was stolen over three attacks in 2015. You may also have heard about the denial of service attacks on RBS and the National Crime Agency, where both websites were out of action for hours. You may not have heard about the attacks that occurred across the pond at UCLA (University of California, Los Angeles), where up to 4 million records were stolen, or T-Mobile US, where up to 15 million records were stolen.
The University itself has also seen various attacks targeted at both staff and students. Staff have been targeted with emails containing attachments marked ‘invoices’, or spreadsheets purportedly coming from ‘scanner@westminster’, our new multi-function printer devices. Students received a phishing email regarding ‘University grant information’ three times over a period of six to eight weeks.
We have to accept that unless we withdraw completely from the digital age (and become an ‘off grid spoon whittler’, to quote one broadband provider) we will be subjected to these sorts of scams and need to keep our wits about us. Whether it is a suspicious-looking attachment from a company you aren’t expecting to hear from, or a link to a website offering you something exciting or tempting, these sorts of attacks will not just go away. In fact, security professionals are seeing an increase in the accuracy, complexity and deviousness underlying these attacks.
We also need to be aware of the fallout from the companies that get hacked. Once our details have been stolen they will be sold on, often many times over. Those who acquire the details will use many further tricks to try to con us and get a return on their ‘investment’. So not only do we have to look out for electronic scams on a day-to-day basis, but when large companies have data stolen, it gives the scammers other opportunities to target us with their tricks, including over the telephone and even by hard copy mail, depending on what data the hackers can obtain.
Maybe being an off grid spoon whittler doesn’t seem quite so bad now?
Information and IT Security Officer