Leading cyber security experts have called for urgent action to secure the technological infrastructure of the internet, which one expert slammed as not fit for purpose.
Alongside a massive and sustained ransomware attack, the experts also underlined that the industry practice of routinely copying blocks of open source computer code used to carry out particular tasks has left the internet riddled with vulnerabilities, because hackers have identified frequently used code and now corrupt it.
Speaking in a ground-breaking PassW0rd radio programme on ResonanceFM, Richard Hollis, a former top US intelligence cyber security official and now the head of hacking test group Risk Crew, called for urgent changes to the cyber security industry to deal with the ongoing massive data losses now being seen.
“If the objective of the cybersecurity industry is to prevent a breach, clearly, we failed. The numbers are overwhelming. We lose a couple of billion from Yahoo. We lose a billion here a billion there and suddenly you think, wait a minute, there’s just eight billion people on the planet.
“We’ve lost 24 billion records already. What are we protecting? Mathematically speaking? Isn’t the cow out of the barn? Why are we still protecting networks when we’ve already lost over 24 billion identities?” said Hollis, pointing out the irony of buying anti-virus programmes that could not protect against the criminal programmes that steal and corrupt data.
“Ransomware is a malware problem, period. If we get ransomware, why aren’t we picking up the phone and calling our malware vendor and saying, you let me down. The anti-malware solution I bought from you doesn’t work. I have ransomware,” said Hollis.
The haemorrhaging of personal data is now exploding: according to the cyber security company Secureworks, one of the companies interviewed for PassW0rd’s ‘Is the internet built on sand’ programme, the losses have increased by 150%.
In Secureworks’ annual ‘State of the Threat’ report, published last week, researchers working for Secureworks found 2.2m stolen identity credentials for sale on the dark web on just one day last June.
The company said that when it performed that same search at the same time last year, the figure was a mere 878,429 user names and passwords.
Hollis’ concerns have been echoed across the board.
According to one recent figure, the cost of cyber-crime by 2025 will be £9 trillion, while the cost of data breaches is growing faster than ever before.
According to IBM, the average total cost of a data breach for a company reached a staggering all-time high of £3.7m in 2022.
IBM went on to add: “The overwhelming amount of revenue lost and disruption from large-scale cybersecurity breaches in the last year shows just how important it is for organisations to modernise their security practices. In fact, 80% of consumers would be more likely to engage with an organisation online if they had robust identity verification measures.”
In a series of interviews with top cyber security figures carried out by Future Intelligence and the PassW0rd radio show since September, all have described a situation of utter anarchy being blissfully ignored by governments, which is leading to an evaporation of public trust.
A loss of trust that, like cyber attacks, is accelerating. The 2022 Thales Consumer Digital Trust Index: A Consumer Confidence in Data Security Report, conducted by Opinium, in partnership with the University of Warwick, found that Social Media companies (18%), Government (14%) and Media & Entertainment organisations (12%) all had the lowest level of consumer trust when it comes to keeping their personal data secure.
Those speaking in the PassW0rd programme all pointed to an increasingly dangerous world caused by the active participation of nation states in cyber crime, with gangs in Russia and Ukraine being specifically highlighted due to their role in ransomware attacks that hack into databases and then encrypt them until a ransom is paid.
“A significant bulk of online criminality comes out of Eastern Europe, principally Russia, and there’s obviously much debate, particularly this year with the conflict in Ukraine over, are these criminals being tasked by the Russian state, or are they just accepted and given a little habitat to live in by the Russian state? There are definitely links, you can imagine that in mafia states no criminal organisation can survive without having some relationship with the authorities,” said Don Smith, the Vice President of Secureworks’ Counter Threat Intelligence Unit, who added that Ukrainian hackers were also provably engaged in ransomware attacks that many see as massively dangerous to the UK economy.
According to Dr Christopher Needham-Barrett, a Visiting Professor at University College London and a speaker at the New Statesman’s Cyber Security Autumn Summit last month, all UK universities now expect to be the victims of a ransomware attack.
The cyber crime free-for-all is something that now demands instant Government action due to two developments: the insurance industry’s decision, in the light of the current situation, to withdraw all cover for cyber attacks carried out with the participation of state actors by March of next year, and the deepening trend towards homeworking.
Last month new figures revealed that 39% of office workers would not work for a company if it did not offer homeworking.