Cyber Attacks On Personal Information - An Ever Increasing Problem.
"The PC has improved the world in just about every area you can think of. Amazing developments in communications, collaborations and efficiencies. New kinds of entertainment and social media". Here Bill Gates expounds how technology encompasses our lives and how it has revolutionised all we do. However, with this liberation comes vulnerability. The rise in computer-based crime has made the work of internet security essential to Governments and organisations across the globe. The more information we impart, the greater the levels of liability and the risk of fraudulent and disingenuous activity. The internet has revolutionised how we go about daily tasks. We can now do our banking, shopping, stream music, videos, play video games online and communicate with one another. As we go about doing such tasks, we disseminate personal information such as our name, address, date of birth, home address etc without the thought or worry of being deceived. We are also relying on companies to store and protect this data from malicious attacks and data breaches. If these were to take place you could suffer from identity theft, phishing attacks, blackmail/extortion or even worse.
In mid-2018 the payment details of up to 380,000 customers from transactions with British Airways were compromised. Names, email addresses and credit card details including card numbers, expiry dates and CVV codes were stolen by the hackers. According to cyber security expert Professor Alan Woodward at the University of Surrey it is likely that the hackers were able to implement a script onto the British Airways website (https://www.bbc.co.uk/news/health-43795001). As customers entered their details this script harvested and copied the data. This is known as cross site hacking. It is an attack on a webpage where a vulnerability allows an attacker to input a malicious script discretely.
There are a number of methods a hacker can use to gain access to and steal your data, whether this be by attacking you or a company. One commonly known method is phishing attacks. This is where emails are sent to people typically impersonating a well-known and reputable company or person, with the hope of a naive user inputting their personal information. Another possible aim of some phishing attacks can also be to install malware onto a system. This is another method used by hackers. One type of malware is ransomware. This is where a user or company is blocked from accessing their data. The hacker will effectively hold the data hostage with the aim of the victim paying a large fee. Failure to do so would then result in a public posting of the information. The data is often encrypted and therefore makes recovery very difficult. In May of 2017 the NHS fell victim to this type of attack. Hospitals and Doctors surgeries were unable to access patient records and as a result nearly 20,000 hospital appointments were cancelled (https://www.bbc.co.uk/news/health-43795001). In some cases doctors were even unable to treat patients as they had no way of knowing their medication, dosage or allergies.
The theft of personal information can have a number of impacts on both users and companies. Firstly, is that customers/users can become victims of identity theft as their data could be used for activities such as loan applications. With this inevitably comes distress and discomfort. Furthermore, with financial details often being stolen it is not uncommon for them to also see unauthorised credit/debit card spending. As for companies, with the GDPR coming into full effect as of May 2018 the consequences are increasing and becoming ever harsher. Companies are susceptible to fines under GDPR, evidenced by Yahoo who were fined £35 million after failing to declare a data breach from 2014. There are also the ramifications of financial loss, damage to reputations and a loss of trust and loyalty from customers.
These types of incidents are continually on the rise and we need to be better equipped to handle them. Security on the Internet has been neglected for too long. We need to increase awareness and educate people on common signs to look out for. A sudden slowing down of a system, unexpected changes to directories or even files suddenly disappearing could all be a sign of a malware infection. There are also a number of other preventative measures that can be taken. Stricter control on access to data, more advanced firewalls and anti-malware software, intrusion detection and by updating software regularly.
Cyber Security is an area of computer science that I find extremely interesting. There is an increasing demand worldwide and it is an ever changing environment. It is necessary to evolve quickly and the result is that you are constantly learning and developing your skills. This area of work is not only fascinating it is also extremely rewarding and provides a great deal of personal satisfaction. The battle against cyber crime is never ending as new technology continues to emerge.
