Sometimes it pays to be slightly paranoid. In an age when crippling cyber-attacks can be launched from a teenager’s bedroom, there is much to be said for creating a “chain of distrust” to protect yourself and your colleagues.
A Yorkshire seminar about the rise of ransomware – a type of malicious software designed to block access to a computer system until a “ransom” is paid – heard that many firms still needed to take tougher action to vet files and data that could have been sent by criminals.
Earlier this year, more than 300,000 computers in 150 countries were infected with the WannaCry “ransomware” virus after a cyber-attack crippled organisations, government agencies and global companies.
The NHS was also badly affected. Some 47 trusts in England – including a number in Yorkshire – and 13 Scottish health boards were compromised when the virus targeted computers with outdated security.
This crisis provided food for thought when experts in the field of cybersecurity gathered at the Leeds head office of smart telecommunications business aql, whose CEO, Dr Adam Beaumont, is the regional business champion for CiSP, the Cyber Information Sharing Partnership.
CiSP is a national initiative operated by CERT, the Computer Emergency Response Team, which is part of the Cabinet Office.
One of the speakers, Thomas Chappelow, the director of Leeds-based Nimbox, a provider of cloud-based secure file collaboration and storage tools, said companies could make ransomware attacks pointless by securing data in a chain of distrust. He said companies should never take for granted where a file has been.
Stuart Hyde, the regional leader for CiSP, who was appointed by aql, said there was every likelihood of further attacks, although not necessarily of the same type as the attack which hit the NHS.
He said: “It’s a call out to say these types of attacks can occur and there are lots of things you can do to protect yourself.
“Attacks do take place in Yorkshire and the Humber, but luckily we’ve got quite a good level of skills to be able to tackle some of those.”
A number of Yorkshire firms are doing their bit to thwart cybercriminals of all sizes.
The Leeds-based technical marketing agency SALT.agency has expanded its services into cybersecurity by releasing a CyberScanner service.
CyberScanner is a tool designed by SALT.agency’s in-house team that can scan and analyse websites to test for thousands of security vulnerabilities.
John Ward, director of operations at SALT.agency, said: “Yorkshire is a diverse and forward-thinking region that’s attracting some of the most talented people in the industry. It stands the chance of becoming a leader in cybersecurity.”
However, he warned that many sizeable businesses were still being complacent about the issue.
He said: “There’s always going to be some sort of hole in the net that will let in the sharks and of course, the bigger the net, the more damage there is going to be.”
He believes that many leading professionals are unaware of the risks of using unsecured wifi in public places.
He recalled: “A member of our team set out to simply capture all the wifi signals in a well-known coffee shop in Leeds, to see what we could discover. We found about 85 per cent of all the traffic that came from laptops was unprotected, so we could see exactly which websites they were visiting, and over 72 per cent of the mobile traffic was the same.
“Although the majority of people were looking at websites like the BBC and LadBible, two per cent contained sensitive information including websites, passwords and other personal information.
“Although a number of people use VPN apps (virtual private networks) to communicate, there are still a surprising amount of people who don’t.
“There might only be a handful of companies dedicated to cybersecurity throughout the region, but it’s the damage prevention that will really help the economy grow. Cybercrime cost UK businesses £29bn last year and that’s not acceptable. Businesses close and people lose their jobs because of preventable security flaws and mild negligence. Take those issues away and we’re set for a bright future.”
David Wall, professor of criminology at Leeds University, believes that smaller SMEs sometimes lack computer security awareness.
He said: “Nation-state attacks tend to be on infrastructure, like utilities and other services. Britain seems to be well equipped to counter such attacks, although you do not hear about many of these.
“Businesses and organisations can be attacked, but they do seem to have, or they are developing, business continuity plans. The recent WannaCry ransomware attack was a major wake-up call with regard to cyber-attacks in the region.”
Prof Wall believes Yorkshire has built up a critical mass of talented people who can send cybercriminals packing.
He added: “We have a history of developing experience in this area. Don’t forget that we have had a number of major online banking and finance businesses in the region for many years, and the security experience from these has helped motivate others to think about cybersecurity.
“We have also had the two main universities in Leeds working on different aspects of cyber-security.
“It is now 20 years since Leeds University first started researching and teaching cyberlaw and cybercrimes, subjects that have remained popular ever since.
“Leeds Beckett has recently developed a cybersecurity unit in its computing department and there is also expertise in Sheffield Hallam University.”
David Porter, the cybercrime investigator at Yorkshire & Humber Regional Cybercrime Team, added: “The businesses I have interacted with across the region take cybersecurity seriously, and invest heavily in their systems, processes and people to safeguard personal data, business infrastructure and their clients.
“Recent events in the UK have tested organisations and businesses, but it’s a testament to their approach to cybersecurity that there has been minimal impact in Yorkshire.”
Yorkshire’s businesses are increasingly exposed to cyber-attacks, accidental breaches, and an ever-changing regulatory environment, according to Thomas Chappelow of Nimbox, which specialises in protecting confidential data.
Mr Chappelow said: “According to the Government’s 2017 Cyber Security Breaches Survey, just under half of all UK businesses admitted at least one cybersecurity breach or attack in the last 12 months. This number rises to two-thirds among medium-sized and large firms. In short, cyber-breaches affect most businesses.
“We are living in an age of ‘big data’, whether we’re prepared for it or not. We’re all collecting more and more data, without necessarily adapting our business systems and processes to protect.
“We started our company in Yorkshire, because we saw an opportunity to tap into the huge pool of both qualified and aspiring – and I dare say, underused – cyber-professionals in the region. In Leeds, we have access to three university cybersecurity centres, filled with academics who produce valuable research into the issues we’re all facing; a vibrant technology hub; and a specialist police unit that helps businesses to fight back against the tide of attacks.”