Cybercriminals 'will not stop attacking businesses'

Companies should prepare for the inevitability of a cyberattack as criminals develop increasingly efficient ways to infiltrate networks, according to experts.

Speaking on a panel discussion at London’s IP Expo 2018, Claire Albois-Galcoix, marketing director at Yubico, a password security provider, warned the audience that ransomware attacks such as the Wannacry outage in 2017 should now be considered part of the everyday threat landscape as criminals widen the scope and scale of their operations.

“These attacks are never going to away, it’s numbers game, a quantity game”, she said, explaining that large scale hacks which compromise internal data are easily replicated by criminals in different networks making use of the same lines of code.

“They don’t need to be more sophisticated, they don’t need to be clever, they just need to find the weakest link,” she added.

Potential methods for combatting the threat include more authenticity controls and password changing as part of a company’s “cyber hygiene” regime, the panel agreed.

Doug Howard, vice president of global services at RSA, suggested that treating all compromises as an inevitability was a “fallacy”, but said that the more companies prioritise fixing patches and updating systems, the safer they will be if an attack hits.

“The bad guys are going to go after the obvious thing first”, he said, adding: “Focus on the most basic thing in your network first."

Howard commented that the issues enterprises experience around security tend to be less a question of technology and more of people, with staff needing to be constantly taking steps to reduce the risk of a compromise- a process he called “incrementalism.”

Adam Brady, systems engineer at cloud computing security company Illumio, agreed, pointing out the importance of reducing applications and software only to those which are essential for the running of a business.

“Zero trust is good hygiene," he said, noting: “I only have the things I need for my application to work.”

Given the rising probability of hackers attempting to gain access to systems, David Atkinson, chief executive of cyber defence artificial intelligence company Senseon, said it was important for businesses to leverage information advantage and continuously improve knowledge in order to stay one step ahead of the hackers.

The panel suggested that the rise of automation may also have a role to play in bolstering network security.

“Anything manually done is high risk,” said Howard. “Automating it is not risk free, but…a machine is going to do what you ask it to do."

Their warnings came on the day that British and Dutch authorities claimed to have traced the source of cyberattacks on the UK foreign office computers at the Porton Down military research facility and the Organisation for the Prohibition of Chemical Weapons (OPCW) to Russia’s GRU intelligence services.

Announcing the findings, prime minister Theresa May and Dutch prime minister Mark Rutte said it was the first time authorities had “exposed” the hostile acts of the Russian military intelligence services in cyberspace.

Responding to the claims, the Russian embassy in London said the announcement was “irresponsible” and accused the UK of spreading “crude disinformation".

At a press conference in the Hague yesterday, Peter Wilson, British ambassador to the Netherlands, also detailed attempts by GRU agents to disrupt the investigation into the shooting down of Malaysia Airlines Flight 17 (MH17) in 2014.

Mr Wilson described the GRU as a “well-funded” unit of the Russian state and said it had been acting “aggressively” across the world “with apparent impunity”.

    Share Story:

Recent Stories


Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.

Beyond compliance: Transforming document management into a strategic advantage for financial institutions
In this exclusive fireside chat, John Rockliffe, Pre-Sales Manager at d.velop, discusses the findings of Adapting to a Digital-Native World: Financial Services Document Management Beyond 2025 and explores how FSIs can turn document workflows into a competitive advantage.

Sanctions evasion in an era of conflict: Optimising KYC and monitoring to tackle crime
The ongoing war in Ukraine and resulting sanctions on Russia, and the continuing geopolitical tensions have resulted in an unprecedented increase in parties added to sanctions lists.

Achieving operational resilience in the financial sector: Navigating DORA with confidence
Operational resilience has become crucial for financial institutions navigating today's digital landscape riddled with cyber risks and challenges. The EU's Digital Operational Resilience Act (DORA) provides a harmonised framework to address these complexities, but there are key factors that financial institutions must ensure they consider.