£2.5 Million in 11 Days

Friday 1st September 2017
For Argyll & Highlands cyber-crime victims

£2.5 million is the sum that Highlands businesses lost through cyber-crime in one eleven-day window from the 19th to the 30th July 2017, according to Police Scotland. An older foray on the creator of "For Argyll " publication putting that excellent news source into initial silence and latterly a much slower mode.

Digitify records that around £500,000 of this total was stolen in a single case when the Highland Hospice care (right courtesy P&J) home became the victim of a banking scam. Investigators have so far recovered some ‘tens of thousands’ of the money stolen. CEO Kenny Steele (left) condemned the attacks: “People are horrified that a hospice could be attacked like this. It is abhorrent. They fully understand what has happened and we are acutely aware the money was donated to us to deliver the care services.

“That is why it is really sickening. Often in cases like this the victims almost blame themselves, but we would like to say that nobody has to be a victim of crime. It doesn’t matter how it happened or whether we were at fault or not, it is just sickening it happened at all.”

The Growing Threat
15 million: This is the number of malware items released worldwide every day in 2015, a number which is only likely to have increased in subsequent years. This figure forms the base of a survey of Scottish SMEs in the face of the threat of cyber-crime. The Information Security: Perceptions & Resilience report was published in 2016 by the University of Glasgow’s School of Computing Science and the Scottish Business Resilience Centre. The majority of companies questioned were small businesses: 63% of those surveyed employed less than 30 people. Yet the smaller size of Scottish firms does not decrease what’s at stake – the Highland Hospice may only be a single unit, but it lost half a million pounds.

Heads in The Sand? 
46%: is the number of respondents to the survey that had ‘no idea’ how to detect a cyber-breach once it had occurred. The report noted that most staff were aware of ‘basic security practice’, but many were unaware of the “need for a full suite of protection tools and measures”. These insights are striking, especially as the report also found that 45% of the ‘best’ i.e. most sophisticated methods of phishing – such as targeted spear phishing – now succeed. As cyber-crime methods become more effective, it is essential to develop more advanced defence tools to fight them. Courtesy left.

Nearly 50% of respondents to the survey regarded controlling access to smartphones as ‘extremely important’, yet only 20% of respondents classed updating their OS (operating systems) as ‘extremely important’. That despite the fact that out-of-date Windows XP versions were the main access points for the spread of well publicised WannaCry infection, that ravaged some 11 of Scotland’s 14 NHS Trusts. This vulnerability is probably the reason behind  
a  more recent cyber-attack against NHS Lanarkshire very recently.  The board looks after 650,000 individuals across three hospitals, yet was forced to suspend non-immediate care for part of last weekend.

Too Close for Comfort
 There were 34 reported ransomware attacks in Scotland in the past year, an investigation by The Scotsman has revealed.  Thirteen  of these were the  attacks were launched against NHS boards during the WannaCry attack, which demanded £230 per infected terminal for the release of patient’s information.

Malware that struck NHS Lanarkshire  recently did not demand payment, but opted to knock out telephone systems and staff directories. These attacks illustrate that Scotland’s cyber-landscape is a level playing field. Where larger organisations, could be expected to be more-heavily fortified than the smaller businesses, turn out to be equally, if not more, vulnerable.

51%: According to a new report issued by IT security magazine SC Media, more than half of critical infrastructure organisations – police forces, fire and rescue services, NHS Trusts, energy and transport organisations – have simply  ‘ignored’ risks that ‘short/stealthy’ DDoS attacks present. That data was compiled from a survey issued by Corero Network Security to 338 critical infrastructure organisations in the UK. The survey disclosed that 42% of NHS Trusts had not completed the UK Government’s 10 Steps to Cyber Security programme issued 5 years ago.

What We Don’t Know
39,339 is the number of cyber-crimes reported to police forces in England and Wales in the last 12 months, an increase of 50% over the previous year.
Police in England and Wales have been required to flag cyber-crime when it is reported since 2015.  Yet no equivalent rule exists in Scotland. These rises in England and Wales are an increase of 87% over figures from 2015/16, with around 85% of reported cyber-crimes going unsolved.

The Scottish Government and Police Scotland say they are working on systems to classify cyber-crimes, but until those are in place, we can only assume figures in Scotland are rising at the same rate. 

 Nearly 900 people were convicted in Scotland’s courts last year under the Communications Act in
 2015-16, 719 of which under section 127,  of sending of harmful messages. Only one person was convicted last year of the Computer Misuse Act (1990), which covers spreading malicious software and unlawful access to machines. Laws concerning fraud and the selling of illegal goods are covered in non-online laws – and do not have their own digital counterparts.

Risk management firm IT Governance has compiled a thoroughly interesting list of all recorded individual cyber-security incidents, worldwide, for this August. According to the report, August was ‘a pretty quiet month’ relatively speaking, with only 4.6 million recorded breaches, in comparison to over 140 million recorded in July. But many of the attacks are very high-profile, ranging from leaks of details of HBO’s flagship fantasy show Game of Thrones, to a voting machine company’s exposure of 1.8 million Illinois residents’ personal data post-Election.

The Safeguards
Fast, inexpensive measures are readily adaptable to even small businesses.  Cyber Essentials and Cyber Essentials Plus are official UK Government schemes aimed to provide basic protection for both large and small companies. Training schemes, which only take a few days for smaller firms, upgrade and then test companies’ strengths in the face of cyber-attacks.  Firms are subsequently awarded certification on successful completion.

Similarily,  the SBRC recently launched its SwiftPass e-mail protection service, which offers insight and alerts into potential cyber-breaches for only £5 per user per month.  Preventative measures such as patching can help immensely.  Experts claim that had the  NHS’s systems been up-to-date,  WannaCry’s spread through its networks would have been severely curtailed.

The cyber threat to Scotland’s businesses – and economy – is a deep and growing crevasse. Understanding the scope of the danger is the first step in combatting it. But businesses – and government must be willing to act on that understanding, or they will leave themselves vulnerable to an increasingly sophisticated variety of attackers.

Stuart Mackinnon of the Federation of Small Businesses said to DIGIT: “Cyber-crime is a growing threat for Scottish small firms. While our members can access cyber insurance products and advice, all Scottish businesses should ensure their systems are secure. Firms should approach Business Gateway and the Scottish Business Resilience Centre to get good advice – and most operators should look into the Cyber Essentials accreditation programme.”

To stay on top of Scotland’s business landscape against the growing global threat of cyber-crime, requires a very
watchfull eye on DIGIT’s ongoing cyber-security coverage.
 

Custom Search

Scotland, Computer News in Scotland, Technology News in Scotland, Computing in Scotland, Web news in Scotland computers, Internet, Communications, advances in communications, communications in Scotland, Energy, Scottish energy, Materials, Biomedicine, Biomedicine in Scotland, articles in Biomedicine, Scottish business, business news in Scotland.

Website : beachshore