Yorkshire is waging a war on criminals who could wreak havoc on the UK s economy. Sometimes it pays to be slightly paranoid . In an age when crippling cyber-attacks can be launched from a teenager s bedroom, there is much to be said for creating a chain of distrust to protect yourself and your colleagues. A Yorkshire seminar about the rise of ransomware a type of malicious software designed to block access to a computer system until a ransom is paid heard that many firms still needed to take tougher action to vet files and data that could have been sent by criminals. Earlier this year, more than 300,000 computers in 150 countries were infected with the WannaCry ransomware virus after a cyber-attack crippled organisations, government agencies and global companies. The NHS was also badly affected . Some 47 trusts in England including a number in Yorkshire and 13 Scottish health boards were compromised when the virus targeted computers with outdated security.
This crisis provided food for thought when experts in the field of cybersecurity gathered at the Leeds head office of smart telecommunications business aql, whose CEO, Dr Adam Beaumont, is the regional business champion for CiSP, the Cyber Information Sharing Partnership. CisP is a national initiative operated by CERT, the Computer Emergency Response Team, which is part of the Cabinet office. One of the speakers, Thomas Chappelow, the director of Leeds-based Nimbox, a provider of cloud-based secure file collaboration and storage tools, said companies could make ransomware attacks pointless by securing data in a chain of distrust . He said companies should never take for granted where a file has been. Stuart Hyde, the regional leader for CiSP, who was appointed by aql, said there was every likelihood of further attacks, although not necessarily of the same type as the attack which hit the NHS. He said: It s a call out to say these types of attacks can occur and there are lots of things you can do to protect yourself.
Attacks do take place in Yorkshire and the Humber, but luckily we ve got quite a good level of skills to be able to tackle some of those. A number of Yorkshire firms are doing their bit to thwart cybercriminals of all sizes. The Leeds-based technical marketing agency SALT.agency has expanded its services into cybersecurity by releasing a CyberScanner service. CyberScanner is a tool designed by SALT.agency s in-house team which has the ability to scan and analyse websites to test thousands of security vulnerabilities. John Ward, director of operations at SALT.agency, said: Yorkshire is a diverse and forward-thinking region that s attracting some of the most talented people in the industry . It stands the chance of becoming a leader in cybersecurity.
However, he warned that many sizeable businesses were still being complacent about the issue. He said: There s always going to be some sort of hole in the net that will let in the sharks and of course, the bigger the net, the more damage there is going to be. He believes that many leading professionals are unaware of the risks of using unsecure wifi in public places. He recalled: A member of our team set out to simply capture all the wifi signals in a well-known coffee shop in Leeds, to see what we could discover . We found about 85 per cent of all the traffic that came from laptops was unprotected, so we could see exactly which websites they were visiting, and over 72 per cent of the mobile traffic was the same. Although the majority of people were looking at websites like the BBC and LadBible, two per cent contained sensitive information including websites, passwords and other personal information.
Although a number of people use VPN apps (virtual private networks) to communicate, there are still a surprising amount of people who don t. There might only be a handful of companies dedicated to cybersecurity throughout the region, but it s the damage prevention that will really help the economy grow . Cybercrime cost UK businesses 29bn last year and that s not acceptable . Businesses close and people lose their jobs because of preventable security flaws and mild negligence . Take those issues away and we re set for a bright future. David Wall, professor of criminology at Leeds University, believes that smaller SMEs sometimes lack computer security awareness.
He said: Nation-state attacks tend to be on infrastructure, like utilities and other services . Britain seems to be well equipped to counter such attacks, although you do not hear about many of these. Businesses and organisations can be attacked, but they do seem to have, or they are developing, business continuity plans . The recent WannaCry ransomware attack was a major wake-up call with regard to cyber-attacks in the region. Prof Wall believes Yorkshire has built up a critical mass of talented people who can send cybercriminals packing. He added: We have a history of developing experience in this area . Don t forget that we have had a number of major online banking and finance businesses in the region for many years, and the security experience from these has helped motivate others to think about cybersecurity. We have also had the two main universities in Leeds working on different aspects of cyber-security. It is now 20 years since Leeds University first started researching and teaching cyberlaw and cybercrimes, subjects that have remained popular ever since.
Leeds Beckett has recently developed a cybersecurity unit in its computing department and there is also expertise in Sheffield Hallam University. David Porter, the cybercrime investigator at Yorkshire & Humber Regional Cybercrime Team, added: The businesses I have interacted with across the region take cybersecurity seriously, and invest heavily in their systems, processes and people to safeguard personal data, business infrastructure and their clients. Recent events in the UK have tested organisations and businesses, but it s a testament to their approach to cybersecurity that there has been minimal impact in Yorkshire.
Yorkshire s businesses are increasingly exposed to cyber-attacks, accidental breaches, and an ever-changing regulatory environment, according to Thomas Chappelow of Nimbox, which specialises in protecting confidential data. Mr Chappelow said: According to the Government s 2017 Cyber Security Breaches Survey, just under half of all UK businesses admitted at least one cybersecurity breach or attack in the last 12 months . This number rises to two-thirds among medium-sized and large firms . In short, cyber-breaches affect most businesses. We are living in an age of big data , whether we re prepared for it or not . We re all collecting more and more data, without necessarily adapting our business systems and processes to protect.
We started our company in Yorkshire, because we saw an opportunity to tap into the huge pool of both qualified and aspiring and I dare say, underused cyber-professionals in the region . In Leeds, we have access to three university cybersecurity centres, filled with academics who produce valuable research into the issues we re all facing; a vibrant technology hub; and a specialist police unit that helps businesses to fight back against the tide of attacks.
Technology is making it easier to trust strangers
Or, at least, they used to . As memes go, that image macro of a pup propped up with its paws on a keyboard, masquerading nominally as human, sits somewhere on the Venn diagram between twee , nostalgic and things from the internet your kids don t remember and will judge you for . The 1993 New Yorker cartoonist originally responsible for the gag, Peter Steiner, couldn t possibly have guessed more how hot-button an issue anonymity and trust online would become: as bored script-kiddies, organised crime gangs and multi-billion-dollar government agencies sprouted, flowered and burst like cyber-spores onto an unsuspecting internet targeting everyone and their nan (especially the nans) with schemes designed to exploit trust . The more we rely on devices for the day-to-day running of our lives, the lower we dangle like fruit for criminals. Folks who have been tasked with cybersecurity have been, for the past few decades, building defences using a model of isolation, says Allison Miller, product manager in security and privacy at Google . But what s happening with technology today particularly consumer technology is that we are becoming interconnected.. . People have become the new target . As opposed to, for example, all attackers focusing on getting into sensitive enterprises to get their corporate data, there s a lot of bad behaviour that ends up getting focused on users.
Miller and the Google security team are building the tools that gently (or in some cases, urgently) steer users safely away from sites that might have been designed or compromised to install malware or phish for personal data . Perhaps the most readily familiar example of the team s work is the joltingly all-red Chrome warning screen: the page a user is diverted to should they stray, unwittingly, into dangerous territory. It s an example of why internet users need unseen security teams working on their behalf: as online attack vectors become more and more numerous and sophisticated, the average user can t keep up.
And that s a problem that doesn t just apply to individuals: while the enormous, household-name internet companies can afford to throw diamond after gold brick at protecting their data (even then not always successfully), smaller companies rely just as heavily on consumer trust, and have to decide how much budget to allocate to it from comparatively thimble-sized pots.
“Institutional trust was not designed for the digital age”
That s the question of the ages: how do you determine how much to invest in security ? says Miller, of the line between protection and paranoia for smaller companies . And that is not something I can answer simply.. . It s worth it to sit down and figure out what is most valuable to you, what you have that might be most valuable to folks who would do ill or might potentially take advantage of you.
The complexity rises as you go from being an individual to being an organisation, but unfortunately.. . I think large enterprises are in the best position to find experts who will help them identify what s at risk and how to protect it. Whatever their size, companies that misjudge the allocation of resources for security (or are just unlucky) stand to lose more than just client information and money . Data dumps of user info as any former Ashley Madison3 member might tell you also cost companies a second digital currency: trust .
Human nature doesn t scale up well to the company that, through bad luck or negligence, is ultimately responsible for your credit card details ending up on a mile-long list of account numbers and sort codes swapping back and forth on the dark web . We trust companies like we trust friends: you get screwed over once, and it s an uphill battle to win you back. Institutional trust was not designed for the digital age, says Rachel Botsman, author of What s Mine is Yours and the upcoming Who Can You Trust?, on how trust translates into the digital world . If you think of risk mechanisms, whether that be the way we think about government, or regulation, or insurance contracts, they were all designed during the industrial revolution and haven t really evolved that much . So when we talk about institutions rebuilding trust, there is this belief that we can go back to this institutional era of trust that was very opaque, very top-down and very decentralised. The interim solution is already here, albeit in nascent form: trust scores . Ebay, Amazon, Airbnb and TripAdvisor already rely on them . In lieu of knowing a stranger in person, we trust a combination of star ratings, reviews and numbers . The mass decentralisation of the internet forces us not to trust a single stranger, but an aggregate of them: a web of dozens, hundreds or thousands of strangers .
As it is now with the auctioning of celebrity autographs or the buying of an impregnable sub- 20 pop-up tent, so it will be with banks, public institutions maybe even governments. I think these rate and review systems are inevitable, and I think these will be the tools that we use to assess trustworthiness, Botsman says . I m not saying that should be the goal . Trust is highly contextual.
If the goal is to increase trustworthiness, whether that s a corporation or an individual, you ve basically got two ways of doing that . The old way was through legislation and regulation, which led to more standards and more compliance . I m not saying that s going to go away . But the other option is: how do you provide information that empowers individuals to assess trustworthiness themselves ? And that s what I think we re in the very, very early stages of figuring out. All of which neatly covers two extremes on a spectrum .
If you re a one-person business a consultant or freelance-anything your trust score will be on your CV right below your name . At the other end: if you re a million-or-billion pound enterprise and slip up, there s no cushion like cash . The question is: what about the people in the middle ? Where is the room for experimentation, failure, progress, if the internet s web of strangers turns against your company in its first week? I think that small businesses are in an interesting spot, because they don t necessarily have the investment or the technical expertise of an enterprise, but they have to think like an organisation, says Miller . They have to think in a different way to individuals, and to me: that s where the biggest gap or question mark in cybersecurity is today.
Want to know more about the cyber threats of the future ? WIRED Security 2017 returns to London on September 28 to discuss the latest innovations, trends and threats in enterprise cyber defence, security intelligence and cybersecurity .
AUGUST is a good month for break-ins, because many of us leave our homes unoccupied while we hightail it to Tuscany or Torremolinos . But a remotely controlled security camera back home can be as good as – or better than – a house sitter. The current fad for home automation products has spawned a raft of cameras that record what is going on and allow you to access the footage from wherever you are . They don t actively deter intruders but they do arm you with the evidence if you need it . More importantly, perhaps, they provide some peace of mind when home is far away. All of them work in more or less the same way, connecting to the internet and uploading footage to a cloud, from where it can be accessed by PC or phone . Most have sensors that can start recording when movement is detected, and some can be panned and swivelled remotely.
But while the technology is similar, the business models of the manufacturers vary greatly . In particular, some require you to pay a monthly fee to record and play video; others include everything in the purchase price. Recording and playing back your footage is a must for practical use . Any camera will let you watch live, and many will alert you when they detect something, but unless you can search and see events retrospectively, your evidence will vanish into the breeze. Less essential but still useful features on some models include the ability to store footage on an SD card in the camera itself, and two-way audio to communicate with someone back home. All security cameras have companion apps that let you watch footage on your phone, but the design and functionality of these varies enormously . The market has matured greatly in recent years, and the interface of my BT Smart HomeCam from 2014 seems rudimentary now. The Evo range from Y-Cam is among the newer entrants to the market, offering seven days rolling cloud storage of video clips for the first three years, as part of the upfront 129 . The range includes indoor and outdoor models, and can he had as bundles at a slight cost saving.
It is by selling you more than one camera that manufacturers try to lock you into whatever subscription model they are offering . The outlay is too great for you to replace them all and go elsewhere, they figure . But there are also advantages to you, since you can view and control all your cameras from a single app, like a security officer in a shopping mall. Security cameras typically record video in high definition, though not necessarily the highest available, and HD recording tends to be used as a sales incentive . In fact, for security use the definition hardly matters – the ability to compensate for bright sunlight and to shoot clearly at night is far more useful . A lens with a wide field of vision is also worth having, so you can position it without blind spots. Where to place these cameras is an art in itself . Nearly all need mains power, and it s a challenge to run cables discreetly along walls without compromising the view . It s also worth bearing in mind that if the power to your home is cut, so is the video feed.
Your intended use for a security camera – child minder, pet monitor, web cam – will dictate the functions you need, but even from those few examples, it s plain to see how easily they could become part of your life.