Navigating the Challenges of Cyber Security: Tips and Insights

Hello and welcome to my AI newsletter, aimed at breaking down the AI news in Health and Social Care into a bite-sized, easy-to-understand newsletter.

If you’ve been forwarded this, please join nearly 4,800 people and subscribe here so that you receive future newsletters straight to your email inbox


I am conscious of this amazing community I have created through this Caring Bytes Newsletter, but also the responsibility that comes with this. I thought I would take a moment to not write about AI per se, but about some steps you can take to navigate cyber security challenges in the current business landscape.


In this modern digitised world, the threat of cyber incidents affecting corporations at large is increasing. These incidents, ranging from data breaches to system infiltrations, can have long-term and far-reaching consequences. Identifying the severity of these threats is crucial. Criminals are capitalising by exploiting the speed, convenience and facelessness of the internet to commit crimes.


What is a cyber attack

It's useful to group attacks into two types: targeted and un-targeted.

Un-targeted cyber attacks

In un-targeted attacks, attackers indiscriminately target as many devices, services or users as possible. They do not care about who the victim is as there will be a number of machines or services with vulnerabilities. To do this, they use techniques that take advantage of the openness of the Internet, which include:

  • phishing - sending emails to large numbers of people asking for sensitive information (such as bank details) or encouraging them to visit a fake website
  • water holing - setting up a fake website or compromising a legitimate one in order to exploit visiting users
  • ransomware - which could include disseminating disk encrypting extortion malware
  • scanning - attacking wide swathes of the Internet at random


Targeted cyber attacks

In a targeted attack, your organisation is singled out because the attacker has a specific interest in your business, or has been paid to target you. The groundwork for the attack could take months so that they can find the best route to deliver their exploit directly to your systems (or users). A targeted attack is often more damaging than an un-targeted one because it has been specifically tailored to attack your systems, processes or personnel, in the office and sometimes at home. Targeted attacks may include:

  • spear-phishing - sending emails to targeted individuals that could contain an attachment with malicious software, or a link that downloads malicious software
  • deploying a botnet - to deliver a DDOS (Distributed Denial of Service) attack
  • subverting the supply chain - to attack equipment or software being delivered to the organisation


How will I know if I am being attacked?

It is important to be aware of the signs to look out for to determine if you have been attacked or hacked. These are the usual tell-tale signs that you or your organisation have been attacked:

  1. Strange user activity (such as logging in at non-office hours, from abnormal locations, or from several locations in a short period of time).
  2. Usual files, applications, or services cannot be accessed.
  3. Accounts have been locked or the passwords have been changed without your knowledge.
  4. Files or software have been deleted or installed, or the contents have been changed without your involvement.
  5. Suspicious pop-ups load when you access the internet, or unknown files or programmes appear.
  6. Slower than normal internet speeds due to a spike in network traffic (or computers “hang” or crash).
  7. Abnormally high system, network, or disk activity (when most applications are idle).
  8. Files have been unexpectedly encrypted and cannot be accessed.
  9. Programmes running, turning off or reconfiguring themselves that cannot be traced back to a source of approval.
  10. Emails sent automatically without the user’s knowledge.
  11. No control over functions of the computer (e.g., in instances whereby devices can be controlled remotely, or computers get locked and display messages coaxing users into paying a ransom).
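
As an illustration of how sign 1 can be checked automatically, here is a short script added as an example (it is not taken from the organisations credited in this newsletter). The log format, office hours, one-hour window and location threshold are all assumptions, and the sample sign-in records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in records: ISO timestamp, user, source location.
SAMPLE_LOG = """\
2024-03-04T09:12:00 asmith London
2024-03-04T13:40:00 bjones Leeds
2024-03-05T02:47:00 asmith London
2024-03-05T10:05:00 cpatel Glasgow
2024-03-05T10:20:00 cpatel Singapore
2024-03-05T10:31:00 cpatel Toronto
"""

OFFICE_HOURS = range(8, 18)    # assumption: 08:00-17:59, Monday to Friday
WINDOW = timedelta(hours=1)    # assumption: what counts as "a short period"
MAX_LOCATIONS = 2              # assumption: more places than this is abnormal


def parse(log_text):
    """Turn log lines into (timestamp, user, location) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash
        ts, user, location = parts
        events.append((datetime.fromisoformat(ts), user, location))
    return sorted(events)


def find_strange_logins(log_text):
    """Return (user, reason, timestamp) for each sign-in matching sign 1."""
    events = parse(log_text)
    alerts = []
    for i, (ts, user, _location) in enumerate(events):
        # Sign-in at the weekend or outside office hours.
        if ts.weekday() >= 5 or ts.hour not in OFFICE_HOURS:
            alerts.append((user, "off-hours", ts.isoformat()))
        # Distinct locations this user signed in from within the window.
        recent = {loc for t, u, loc in events[: i + 1]
                  if u == user and ts - t <= WINDOW}
        if len(recent) > MAX_LOCATIONS:
            alerts.append((user, "many-locations", ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in find_strange_logins(SAMPLE_LOG):
        print(alert)
```

An alert from a check like this is a prompt to ask the member of staff whether the sign-in was really theirs, not proof of an attack.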


How should I respond to a cyber incident?

When a cyber incident unfolds, the initial response can have a considerable impact on the extent of damage and the speed of recovery.

Here’s an in-depth look at the immediate response steps:

  1. Initiate emergency protocol: Initiate an emergency protocol to isolate the breach and prevent further infiltration. Examine the scope and method of the attack by conducting a preliminary investigation. This rapid reaction is pivotal in controlling the spread and impact of the breach.
  2. Engage with Cyber Insurance: Review your cyber insurance policy to understand its scope, ensuring it covers the current incident. Immediate communication with your insurer can provide guidance on the necessary steps and help recoup certain losses.
  3. Activate Business Continuity Plans: Implement your business continuity plan to ensure essential operations remain unaffected. This plan should outline the procedures to maintain critical business functions, even in the face of a cyber incident, thus minimising operational disruption.
  4. Implement Disaster Recovery Plans: Activate your disaster recovery plan, aimed at restoring affected systems and data. This plan should detail the recovery process, prioritise system restoration, and outline data recovery methods, ensuring a systematic return to normal operations.
  5. Learn from the incident: After the incident, it’s important to review what has happened, learn from any mistakes and take action to try and reduce the likelihood of it happening again. Not only is it important to review your technical controls after the incident, it is also a great opportunity to review and implement staff awareness or training measures to help develop your staff’s security culture.


Reporting the incident to wider stakeholders

Once a cyber security incident has been resolved, formal reporting will often be required to both internal and external stakeholders. There are certain incidents that you're legally obliged to report to the Information Commissioner's Office (ICO), regardless of whether your IT is outsourced. Check the ICO website to find out which incidents require this. Other regulatory bodies which you belong to may also require you to report a breach.

Always remember that a cyber attack is a crime. Report to law enforcement via Action Fraud or through Police Scotland’s 101 call centre. The NCSC strongly encourage the reporting of a cyber incident; many go unreported because of personal embarrassment. However, if a cyber incident has been committed against you, someone else may have suffered a similar crime. The more individuals report, the more likely it is that perpetrators will be arrested, charged and convicted.

It’s important to keep your staff and customers informed of anything that might affect them (for example, if their personal data has been compromised by a breach). Make staff aware of any incidents at a time that is proportionate to the effect of the incident. So, if you have experienced a minor incident out of hours, is it proportionate to contact staff in the middle of the night? If relevant, contact your customers as soon as possible through the most appropriate channels.

You might want to consider seeking legal advice if the incident has had a significant impact on your business and/or customers. If you have a cyber insurance policy, your insurer will be able to provide you with more advice.


Further Resources:

A special shout out to the following organisations for this content:

Creative Networks : https://www.creative-n.com/

National Cyber Security Centre : https://www.ncsc.gov.uk/ - be sure to check out their resource page here

Ministry of Health (Singapore) : https://www.moh.gov.sg/ - whilst they may not be based in the UK, they have some great tips and awareness pieces on their website.


Remember, if you’ve been forwarded this, please join nearly 4,800 people and subscribe here so that you receive future newsletters straight to your email inbox

Emeric Marc

I help companies resuscitate dead leads and sell using AI #copywriting #emailmarketing #coldemail #content #databasereactivation

7 months

Your dedication to educating the community on cybersecurity best practices is truly commendable!
