As an IT Service Provider, we spend a lot of time talking to businesses about the risk posed by cyber threats. We don’t do this to scare monger, every IT Service Provider is at war! The 21st century has forced us to enlist in the infantry, shooting across a virtual no man’s land, at an enemy, well organised, technologically sophisticated, unseen.
The recent spat between the US and Iran is testament to how the new power of technology will be used for political advantage and warfare. As tensions have been escalating between the two countries (Here I will make no political judgement). As a response to the tension, The United States launched a cyber-attack against the Iranians missile control computers which has been described as crippling.
Homeland security in the U.S and the wall street journal are confident that Iran will retaliate, with spear-phishing strike’s back against the U.S.
Its already being reported by researchers at FireEye and CrowsStrike. Both have seen an increase in activities linked to a well-known Iranian hacking group. This is the group, responsible for an attack in 2012 that hit Saudi Government targets and destroyed 35,000 machines. No small matter.
Christopher Krebs, Director of Cyber Security and Infrastructure security Agency (CISA) has issued to US companies to take protective measures against the hackers’ common practices, including data wiping malware, credential surfing attack and spear phishing.
Uncertainty is the New Norm
This scenario isn’t unique and frankly is the normal state of things and this will affect you. Your business, however small or big, may not be a direct target, you may just fall into a political attack.
If Iran could cripple US businesses in the UK, that would be a celebrated achievement. This same rule applies to terrorists, hacktivists and other governments/Rogue States that can inflict casualties and economic challenges on others without firing a single physical bullet.
Be under no illusion, these attacks will impact each one of us. the WannaCry attack that crippled NHS systems, had a life altering impact on some UK citizens. The Telegraph reports that some 900 lives are lost in the UK due to IT failings in the NHS and cyber-attacks are a key cause.
The New World Order and Expectation
Recent studies report that 64% of SME businesses have been targeted in cyber-attacks. Some of these are probably state sponsored. However nearly 43% of companies openly admit they do not have an understanding of cyber threats.
Whilst that statistic is scary enough, there is also a common expectation that businesses don’t need to worry, as the “IT company takes care of everything”.
This means service Providers must be the generals, commanders, officers and front-line infantry. A provider is expected to protect the populous, from every threat and be prepared for every threat vector and outcome. Throughout the history of mankind, no army or empire has ever been this prepared or capable!
In addition, there can also be a reluctance from many top-level executives to approve investment in the latest defences, intelligence or combative weaponry. This poses a dilemma, If the IT provider are responsible for security can they be expected to repel the hostile forces, with an aged arsenal and no insight into enemy plans.
The truth is, we are already at war and being attacked by states and criminals. Your business will be hit at some point, even potentially as a result of friendly fire. (thanks, the US for leaking great hacking tools like Eternal Blue).
Your IT Provider should do their utmost to protect you, but you also need to be investing in Security. Antivirus won’t repel most attacks and it’s not fair to be expecting a 1000% strengthening of your cyber security without incurring some additional expenditure.
If you are looking for robust security, you will need to create a defined budgetary pot for investment and engage with companies that spend time understanding risks and emerging threats. What we face today won’t be the same in a years’ time, and a legacy approach to security will not protect your business in the long term.
“The truth of the matter is that you always know the right thing to do. The hard part is doing it.” – General Norman Schwarzkopf, U.S. Army
If you would like to understand the threats facing your business in 2019 book a free Cyber Risk Assessment call us on 0114 361 0062 or Click Here for More Information >>