
To be worried about cyberattacks?

25 replies

Plateofcrumbs · 23/09/2025 19:04

After the M&S cyberattack and now JLR, both of which have/are taking months to resolve, AIBU to worry about the possibility of an attack on more critical infrastructure?

What would happen if say our main banking systems were attacked? Or the systems that pay people’s benefits? Are they vulnerable to attack in the same way? There must be many other systems we rely on which I’m not even aware of!

TheExcitersblowingupmymind · 23/09/2025 19:24

The banks will never admit to being got at.
NHS trusts, air travel, supermarkets, councils, the tube system have all been attacked. More damage can now be done without firing a bullet.
On a personal level protect your online presence as much as possible; as for the sophisticated attacks on the above, there's no point worrying yourself about those.
I'd like to think Britain repels more attacks than the successful ones.

Plateofcrumbs · 23/09/2025 19:31

I’m not worried about it in the sense of losing sleep, more musing about the risk of an attack that has a massive impact on our lives.

TheExcitersblowingupmymind · 23/09/2025 19:56

Plateofcrumbs · 23/09/2025 19:31

I’m not worried about it in the sense of losing sleep, more musing about the risk of an attack that has a massive impact on our lives.

Ah see where you're at now.
Yes, everything that we need to run out lives/the country being got at in one way or another is concerning.
National cyber security has been a concern for some time.

TheExcitersblowingupmymind · 23/09/2025 19:57

Our not out.

Danikm151 · 23/09/2025 19:58

It is a worry. We’re so reliant on technology nowadays that a small closure of systems would be a disaster.

R0ckandHardPlace · 23/09/2025 19:59

My DS’s best friend works in banking cyber-security. He is completely paranoid, and never uses anything but cash. He won’t give his personal data out to anyone. I think it speaks volumes about how vulnerable we all are.

Bikergran · 23/09/2025 20:01

Or the computer systems that run our power stations, national grid, gas supply, water supply and treatment plants.......yes, I am scared.

TheExcitersblowingupmymind · 23/09/2025 20:05

I promise I don't wear a tinfoil hat, do others suspect when there are outages with all manner of services that they may be being prodded to find vulnerabilities?

SummerEve · 23/09/2025 20:05

Of course you are not being unreasonable - but where have you been for the last however many years? None of this is new.

DuesToTheDirt · 23/09/2025 20:12

There have been a lot of major ones recently. M&S, the Co-Op, JLR, Transport for London, and now Heathrow and other major airports... One of the saddest ones I read about was a smallish firm that had been around for 100 years or so, but couldn't survive a cyberattack and went bankrupt. In one sense the effect of these ones is just money, but it can affect people's livelihoods, costs for consumers, inconvenience in travel (could be a day lost from your holiday, or it might mean missing the start of a cruise, or a wedding or funeral). But yes, I think national security is at risk too.

Don't forget too, that cyberattacks are only one part of IT issues - there are also simple failures and incompetence, like the PO scandal.

Plateofcrumbs · 23/09/2025 20:21

SummerEve · 23/09/2025 20:05

Of course you are not being unreasonable - but where have you been for the last however many years? None of this is new.

I think what has surprised me with the attacks on M&S and JLR is quite how long it’s knocked their service out for - obviously it’s costing them millions so they must be throwing everything at trying to fix it, and yet they can’t.

I guess for obvious reasons it’s all quite opaque about exactly what has happened and how it has had such a catastrophic impact, but as a non-techy person it’s hard to understand how a cyber attack can so catastrophically shut a system down.

Plateofcrumbs · 23/09/2025 20:26

DuesToTheDirt · 23/09/2025 20:12

There have been a lot of major ones recently. M&S, the Co-Op, JLR, Transport for London, and now Heathrow and other major airports... One of the saddest ones I read about was a smallish firm that had been around for 100 years or so, but couldn't survive a cyberattack and went bankrupt. In one sense the effect of these ones is just money, but it can affect people's livelihoods, costs for consumers, inconvenience in travel (could be a day lost from your holiday, or it might mean missing the start of a cruise, or a wedding or funeral). But yes, I think national security is at risk too.

Don't forget too, that cyberattacks are only one part of IT issues - there are also simple failures and incompetence, like the PO scandal.

Do you think it’s just luck that attacks that have had potential for more widespread disruption (like Heathrow) have been short lived, or do they just have more robust systems?

The TfL one took ages to resolve but at least it didn't actually stop anyone travelling.

mysoulmio · 23/09/2025 20:38

I work for a cyber security software company. If it's any consolation, the banks spend millions/billions on protecting themselves from attack and, crucially, putting measures in to recover quickly when they are attacked, and have done for many years. So your money/the economy is reasonably protected.

Public sector is the worry. NHS has been pummelled in the past so they are getting better, but local government (and even central government!), schools, universities and smaller firms are incredibly vulnerable as they just haven't spent on cyber defence (or can't).

Big old institutions like M&S, JLR got complacent. That will change now I think. A bigger chunk of profits will go into employing third party experts to run security, rather than trying to do in house.

Personally I just spread things across multiple accounts and institutions and hope for the best. There is very little individuals can do unless you are willing to live almost off grid, only use cash etc.

mysoulmio · 23/09/2025 20:39

Theoretically more crucial services like air travel will have had more spent on them over past years in terms of cyber resilience (prevention and recoverability) than the place you buy your underwear... this will change now of course as shareholder profits massively hit.

Plateofcrumbs · 23/09/2025 20:47

mysoulmio · 23/09/2025 20:38

I work for a cyber security software company. If it's any consolation, the banks spend millions/billions on protecting themselves from attack and, crucially, putting measures in to recover quickly when they are attacked, and have done for many years. So your money/the economy is reasonably protected.

Public sector is the worry. NHS has been pummelled in the past so they are getting better, but local government (and even central government!), schools, universities and smaller firms are incredibly vulnerable as they just haven't spent on cyber defence (or can't).

Big old institutions like M&S, JLR got complacent. That will change now I think. A bigger chunk of profits will go into employing third party experts to run security, rather than trying to do in house.

Personally I just spread things across multiple accounts and institutions and hope for the best. There is very little individuals can do unless you are willing to live almost off grid, only use cash etc.

Thanks I was hoping to smoke out some experts!

Interesting you mention the public sector - I was idly wondering what kind of civil unrest you could end up with if the Universal Credit system packed up. I would like to think that it is fairly resilient. I did some work for the DWP a few years ago (on completely non-tech related stuff) and they had the most restrictive rules around cybersecurity and data protection I have ever encountered - I guess that’s probably justified!

GasperyJacquesRoberts · 23/09/2025 21:01

Good security is expensive. Even worse, it's annoying and gets in the way. The only time most companies take security anywhere near seriously enough is in the 12-18 months immediately after they've been hit. And then budgets get whittled away, audits get taken less seriously, and more and more weaknesses are introduced because some senior member of staff thinks that they're special and the rules don't apply to them.

Twinmum345 · 23/09/2025 21:03

What really got me was that one of the attacks (if I’m not mistaken) was carried out by teenagers. I believe the JLR one? Either they are highly advanced hackers or JLR are poorly protected

mysoulmio · 23/09/2025 21:27

The teenager thing is interesting. To cut a very complex thing short, they no longer need to be computer geniuses. Ransomware and malware software is big business now and is basically sold on the dark web and commoditised for ransomware groups to buy and use as individual tools. So all these groups like Scattered Spider etc who are disaffected teens, pissed off Russians/Ukrainians or just in it for the extortion money or whatever are, largely (it is widely thought) using software and tools actually coded in places like N Korea (China?) where they've been siphoning off clever kids for decades into coding farms to constantly come up with new ways to get in, disguise activity, compromise backups etc. (Apologies to any clever Russian/Ukrainian coding hackers, I'm sure you're out there too).

I think stopping them getting in is pretty much a lost cause now, they only have to be right once etc etc. Protecting sensitive assets from exfiltration better once they get in and having things in place to shutdown and reconstitute everything in a timely manner when they've trashed stuff is where much of the effort is now. It's much more about nicking sensitive data now as well for blackmail as well as stopping operations - so as well as stopping people being able to return stuff to M&S or order a new car at JLR they will have furtled around before detonating the attack and got spreadsheets with the CEO's salary details on, payroll data, customer credit cards etc as that is doubly valuable - extortion and then sold on. They often come back months later with more demands once the company is back up and running again as they drop snippets of sensitive documents on their drop sites and threaten to release more.

The worst thing I saw was a local council that had all kinds of spreadsheets and documents just dumped on relatively unprotected file shares and they published autopsy results and pictures and a vulnerable children spreadsheet which meant that scheduled visits to those children by social workers were missed. That's the really damaging stuff imo.

mysoulmio · 23/09/2025 21:36

DWP are among the better govt depts in terms of spending on cyber resilience I believe ....

Local councils, disrupting local elections etc, bin collections, I think that has big potential for civil unrest.

Plateofcrumbs · 23/09/2025 21:55

What is the motivation for doing it? Is it extortion, sponsored by foreign governments or just mindless vandalism because they can?

My crude understanding was that a lot of attacks were ransomware type situations and organisations largely pay up as the cheaper option than getting trashed.

So in situation where systems have been totally trashed like M&S and JLR, do you think that was the objective of the hackers (rather than extortion?)

Aaron95 · 23/09/2025 22:02

The motivation for most of these attacks is money. The hackers' aim is to gain control of IT systems and lock the owners out unless they pay a ransom.

For every attack you hear about in the news there will be 10 more where the company involved paid the ransom and the problem quickly went away. This is why so many affected appear to be in the public sector. Those organisations cannot pay a ransom. The government simply cannot be seen to do so.

OhShitImNearly40 · 23/09/2025 22:08

At this point it’s like locking up your bike….just make yours a bit harder to crack than most of the others. There are never any 100% safe systems without more than the business that relies on them are willing to spend.

GingerPaste · 23/09/2025 22:09

Even more worrying is an attack on water and electricity provision…

mysoulmio · 23/09/2025 22:16

Yeah, money is the obvious one. Commercial organisations don't have to report an attack publicly so it's difficult to know true scale. I'm not convinced that most pay up nowadays though, most organisations have cyber insurance now and many of those policies forbid paying too and only pay out if they don't pay up. Paying seems pretty pointless to me also as even if you get a decryption key that works, that's slow and not guaranteed to work and probably too late and you likely have no idea what they stole while they were in. I don't think they ever give spreadsheets back, or even if they did, you wouldn't know if they had kept stuff to expose later. There are tools now for protecting and tracking document movements and protection being used increasingly to try and protect against infiltration.

So given that some of it has to be for disruption and sabre-rattling purposes I think. I think certain states like to make other states know, look what we could do on a much bigger scale if we wanted to. Stopping local elections or disrupting patient care has little financial value I think as those institutions can't pay ransoms, and yet they are the ones being hammered at the moment (that we hear about).

mysoulmio · 23/09/2025 22:28

Exfiltration I mean! i.e. stealing documents and IP.
