The Year So Far In Cyber Security

As technology evolves, the potential to exploit it does too. Because of this, there has always been a symbiosis between cyber security and cyber threats, with each one spurring the other on to new heights of ingenuity and innovation. With every new challenge comes the opportunity to meet it and improve on systems and techniques already in place.

If you aren’t part of the cyber security sector, it can be tricky to keep up to date with all the different developments. With this in mind, we have put together a brief review of the year so far in terms of cyber security.

Significant breaches

April saw Russian-based attacks on critical infrastructure in the United Kingdom, United States and Australia. These so-called ‘nation-sponsored’ cyberattacks can be incredibly serious as the April attacks proved, with millions of computers being compromised. However, this threat was not limited to private individuals, meaning the FBI had to intervene, elevating this particular breach to a matter of national security.

Even more recently, this July saw fitness app Polar Flow experience a data breach that revealed the locations of “military personnel inside secret bases around the world”. This isn’t the only workout app that has been targeted this year; in February, MyFitnessPal had the usernames, email addresses and passwords of 150 million users stolen.

You can find a more detailed list of some of the biggest hacks and data breaches here but the common thread seems to be the scale on which these attacks are perpetrated, especially through seemingly innocuous sites and apps like Timehop and MyHeritage – and also their frequency. Further to this, the 2018 Cyber Security Breaches Survey found that 43% of UK businesses had reported cyber security breaches or attacks in the last 12 months.

How much does this cost companies?

Although the same survey reports that the average financial impact on businesses was only £3,100, in certain circumstances it can be far higher. This April, Yahoo! (now Altaba) was fined £35 million by the US Securities and Exchange Commission and a further £250,000 by the UK’s data protection watchdog for their serious 2004 breach.

Ciaran Martin, chief executive of the National Cyber Security Centre, a part of GCHQ, was quoted in the Independent as saying, “Cyber-attacks can inflict serious commercial damage and reputational harm, but most campaigns are not highly sophisticated.” However, he followed up by saying that steps could be taken to ensure that things like this don’t happen as regularly.

“Companies can significantly reduce their chances of falling victim by following simple cybersecurity steps to remove basic weaknesses.”

What is being done to protect our data?

Cyber security is such a huge industry and, as we mentioned earlier, one that is constantly evolving. However, there are a few key trends in the sector that are being pushed to the forefront.

• AI and machine learning
  This is an area with significant potential – that is the general consensus of industry experts, anyway. To quote a recent article on the subject, “Most are looking at using automation and machine learning algorithms in analytics or to speed through repetitive tasks, saving time and resources.” So, it perhaps has more potential as a tool than a solution and it should also be noted that AI is often used as weapon in cyberattacks, further complicating its potential helpfulness.
• GDPR
  It was impossible to miss the introduction of GDPR in May, as we all received hundreds of emails confirming whether we would like to opt in to mailing lists of companies we didn’t even know we were subscribed to. Despite all the buzz, most industry leaders are taking a ‘wait and see’ approach to this particular legislation and, as a result, it’s tricky to know exactly what impact it will have on security.
• Blockchain
  This is another word you may have heard bandied about recently but may not actually know much about. It is defined as “a digital ledger in which transactions made in bitcoin or another cryptocurrency are recorded chronologically and publicly.” There is a lot of very technical debate as to whether it is in fact the magical solution that it seems, and opinion is divided. The consensus seems to be that it may be AN answer, if not THE answer.
• The Cloud
  Most people are now familiar with encrypted, cloud-based storage and this particular storage solution is definitely here to stay. Discussion surrounding it tends to centre on how to improve its security and make sure it is less vulnerable to cyberattack through collaborative efforts throughout the cyber community.

Digital Minister, Margot James says, “We are strengthening the UK’s data protection laws to make them fit for the digital age, but these new figures show many organisations need to act now to make sure the personal data they hold is safe and secure. The government is investing £1.9bn to protect the nation from cyber threats.” This shows that cybersecurity is an important government concern and not just the remit of private companies.

If you would like to read more about the UK’s National Cyber Security Strategy, you can visit Gov.uk to read their proposed plans from 2016 to 2021 – these documents are available in several different languages for any non-native English speakers.

Interested in studying cyber security?

Find out more about Northumbria University London’s Cyber Security MSc here.