The global ransomware attack that hit the NHS made headline news. Chris Bond talked to one Yorkshire expert about the growing threat posed by cyber hackers.
Two years ago, the then Chancellor George Osborne warned that Islamic State militants were trying to launch cyber attacks on targets in the UK such as air traffic control systems or hospitals.
When the long-feared attack came, though, it wasn’t militants firing the opening salvo in a new cyber war, it was hackers using an indiscriminate ‘ransomware’ virus that quickly spread around the world.
The malicious software or malware, known as WannaCry, affected more than 300,000 computers in 150 countries, crippling organisations, government agencies and global companies. Here in the UK it was the NHS that suffered most, with 48 trusts in England – including some in Yorkshire – compromised when the attack targeted computers with outdated security.
It’s still unclear who was behind last month’s attack but it exposed our reliance on digital technology and how vulnerable we are when it’s compromised. But what is clear is that ransomware – a type of malicious software designed to block access to a computer system or its data until a ransom or sum of money is paid – is on the rise.
John Clark, Professor of Information and Computer Security at the University of Sheffield, says the cyber threat has grown in tandem with our increasingly digitised world. “It pervades every aspect of our lives. Our transport networks are highly digitised, our education system is increasingly digitised and so is our health service. Over the last 20 years we’ve been heading towards greater digitisation and that means online security is becoming increasingly important.”
However, this means our computer systems are vulnerable to attack, as last month’s attack exposed. “I think it was a wake-up call. It caused a lot of disruption but had it been more targeted against the NHS then it really could have caused mayhem. So my view is they probably got off lightly compared to what could have happened,” says Prof Clark.
“The NHS recovered quite quickly and they deserve credit for that because it means their security practices are sufficient to allow this.”
The problem now facing big businesses and organisations is the constantly changing nature of the cyber threat. “We’ve seen one form of attack which is the ransomware attack that tries to smash a system to extort money. But there are others where systems are attacked just to undermine them, or to get information. I certainly hope our Brexit strategy isn’t online, for instance.”
It’s bound up in the battle to exert greater influence in the cyber sphere. “Advertisers try to do this, as do political parties. But increasingly what we are seeing is some foreign powers are also interested in spreading their influence and this can be problematic.”
The notion of rogue states and criminal organisations using extortion as a means of getting hold of information, or undermining their enemies, might sound like something out of a James Bond film, but it’s a genuine issue. “The people behind these ransomware attacks have a business model and they run it as a business and they make money. It’s basically digital extortion and we’re going to see more of it.”
There are ways that ordinary people with laptops or tablets can better protect themselves, such as by making sure systems are regularly updated, taking regular back-ups and not clicking on dodgy links.
Big companies and organisations are better equipped to deal with the cyber threat, but smaller businesses are more likely to fall victim to an attack because they don’t have the same digital resources.
It’s led to fears that hackers could force people offline altogether, something Prof Clark believes is unlikely. “We’ve had cyber attacks in the news for many years now but e-commerce and e-banking have increased significantly nevertheless.
“We are deeply committed to the convenience the digital world provides and I don’t see that changing now. There are some generational aspects too – a teenager without a smartphone and social media accounts is almost unimaginable. We simply have to get on and solve the security problems at hand. There’s no turning back the clock.”
But as we grow increasingly reliant on machines controlled by computers the ramifications of these being hacked become ever more serious. “The cyber threat so far has been about data, such as banking data or medical data. But with things like driverless cars being developed could you imagine what would happen if it was possible to attack them? It’s the same with aircraft or drones, if someone could attack them it could have disastrous results.
“If you want safety you have to make sure it doesn’t go wrong by accident, but now you also have to ensure that nobody can deliberately cause it to go wrong.”
Computers are part and parcel of our everyday lives these days – we have vacuum cleaning robots and it won’t be long before we see robots in classrooms. “It’s all digitised and whenever there’s a good thing it’s not too long before someone comes along to spoil it, in this instance it’s the cyber criminals and hackers. So where at one time you had to secure the PC in your office you now need to secure the fabric of society because computing is everywhere.”
This has helped make cyber security a thriving part of our economy – the National Cyber Security Centre was opened by the Queen earlier this year – and places like Sheffield and Leeds can have a big part to play. “Yorkshire is well placed to make a distinctive contribution to cyber security, which is the biggest problem we face in the digital world at the moment,” says Prof Clark.
Those tasked with protecting the online world are going to have their work cut out as more threats emerge.
“If you go back to the early days of hackers they tended to be a lone wolf or a computer geek in his bedroom with a high IQ and nothing better to do. Since then we’ve seen the emergence of hacker groups and activist groups that often have a political agenda or a have it in for a big company and the 21st Century has seen nation states being linked to hacks.
“We’re seeing a shift in who is potentially responsible for cyber attacks and if you have nation states actively looking to see where the vulnerable points are you potentially have a major problem.
“Taking out a PC is a minor problem. Disabling the NHS, our defence network, or large parts of our advanced manufacturing base is a horrendous prospect. We need to stop that happening.”
The rising fears over hacking
Last month’s international cyber attack brought widespread disruption around the world, affecting more than 300,000 computers in 150 countries.
The head of Europol Rob Wainwright said the attack was “unprecedented in scale”.
The virus took control of users’ files, demanding payments, with Russia and the UK among the worst affected countries.
Germany’s rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, US logistics giant FedEx and Russia’s interior ministry were among those hit.
A recent study from the Federation of Small Businesses (FSB) reported that two-thirds of SMEs have been a victim of cyber crime in the last two years.