Malware:

Short for malicious software, this is an umbrella term used to refer to hostile or intrusive programs designed to inflict harm on a computer. It can include viruses, worms, Trojan horses, ransomware, spyware, adware, scareware and other intentionally harmful programs.

What you need to know about the malware threat

In Quarter 3 of 2017, the standout figure was the count of new malware, which reached an all-time high of 57.6 million new samples, an increase of 10% from Quarter 2. Source: McAfee.

In May 2017 the NHS was attacked by the WannaCry virus, which encrypts data on infected computers and demands a ransom payment to allow users access. 35% of NHS Trusts were believed to be disrupted. The investigation into the incident led to this blunt summary:

“The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”  Amyas Morse, head of the National Audit Office, 27 October 2017

What are the chances of my business being attacked?

Higher than you might think. The obvious target for cybercriminals is banking information – credit card details and passwords – but you may be surprised to know that basic customer account information alone can fetch a good price on the black market. Cyber security cannot remain on a business ‘to do’ list. It is vital that you take action to defend your business from cyber attacks.

Specialist IT firms, like Heliocentrix, have moved swiftly to arm themselves against this ever-growing risk to business – particularly in the light of the new General Data Protection Regulation (GDPR), coming into force in May 2018. This regulation updates the current Data Protection Act. Within these updated rules, a business that handles ANY personal data about individuals can be prosecuted for not storing this data securely against attack. It doesn’t matter how the data is stored – paper, local servers or in the cloud. If your business does experience a data breach, it must be found and reported to the ICO within 72 hours. The penalties for non-compliance are fierce.

What does the future hold?

We can expect to see a volatile stage in cyber security with new threats appearing every day. The tit-for-tat battle between defenders and attackers means that you need to protect your business from any potential for disruption. With the high growth in connected devices that we are putting in our homes and businesses, we are under constant surveillance. We may be sharing far more about ourselves than we would ever wish to. We predict that some corporations may weigh up the risk of being caught against the profits they can make with intrusive data capture, and that discoveries of corporate snooping will be making the headlines in 2018.

March 2018 FIRST UPDATE

London-based firm Cambridge Analytica stands accused of violating its privacy policies by using harvested private information from the Facebook profiles of more than 50 million users in the US without permission.

What did they do wrong? The company worked on Trump’s presidential campaign, developing a powerful software programme to predict and influence choices at the ballot box during the last US election. They are accused of using data from these profiles that they should not have had access to. They then used online social media and advertising to target users to ‘move them to action’ during the election. Facebook has suspended the account for investigation and has issued a blog post stating that Cambridge Analytica had certified that this information had been destroyed back in 2015. Cambridge Analytica has defended its actions as legal.