
In the movies, our protagonists spend 30 minutes preparing for a heist, operating within a slim margin of seconds. To keep the tension high, they always seem to complete the mission with milliseconds left to spare. But in the world of cybercrime, things operate on a vastly different timeline and scale, making it a relentless and unyielding force. Ultimately, no system can ever be deemed entirely impervious to determined attackers. Recent breaches against the UK government underscore the reality of this persistent threat.

10,000 customers’ data exposed in UK government breaches

Recent data breaches within UK government departments have potentially exposed the information of over 10,000 customers, according to Apricorn, which based its figures on annual Freedom of Information (FOI) responses. Disclosed in early May 2024, the figures reveal alarming statistics regarding breaches reported to the Information Commissioner’s Office (ICO) by HM Revenue and Customs (HMRC) during 2023. HMRC reported 18 breaches, involving sensitive data ranging from personally identifiable information to financial details.

The Driver and Vehicle Licensing Authority (DVLA) saw breaches rise from 19 in 2021 to 278 in 2023, indicating significant vulnerabilities in security protocols. The House of Commons reported 41 incidents, and the House of Lords reported eight. Jon Fielding of Apricorn highlighted the inevitability of breaches due to the valuable data handled by government departments and stressed the need for robust security measures.

Device losses were also significant. HMRC reported 1015 lost and stolen devices, including 583 mobiles and 428 tablets. The Ministry of Justice misplaced 653 devices, while other departments reported substantial losses. Fielding emphasized the importance of robust backup plans, especially against ransomware attacks, given the sensitive data involved.

The government can't even get it right.

A never-ending heist

Now, what if our movie heist from before never ended? Instead of one grand break-in, the criminals are constantly outside your door, probing for weaknesses, day and night. This is the reality of cybercrime.

Consider these statistics:

  • 50% of UK organisations have experienced a cyber attack in the past year.
  • The global cost of cybercrime is expected to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015.
  • Ransomware attacks increased by 70% in the UK in the past year, with the average cost of a ransomware attack being $1.08 million.

Attackers use automated tools to scan for vulnerabilities continuously, testing thousands of systems simultaneously. Eventually, they will find a weak spot. Unlike traditional criminals who are limited by geography, cyber attackers can strike from anywhere in the world. This global reach means attacks can be launched around the clock, exploiting time zone differences and work patterns. Cyber attackers are highly resourceful and innovative, constantly evolving their tactics.

When one method is blocked, they adapt and find another way in.

The inevitability of vulnerabilities

No system is perfect. Despite the best efforts of cybersecurity professionals, vulnerabilities will always exist. Modern IT systems are incredibly complex, comprising numerous software components, hardware devices, and network configurations. The sheer complexity makes it virtually impossible to ensure that every single element is secure.

People are often the weakest link in cybersecurity. Whether through social engineering, phishing attacks, or simple mistakes, attackers frequently exploit human error to gain access to systems. Zero-day exploits, which are vulnerabilities unknown to the software vendor and not yet patched, can also be used by attackers to breach systems before anyone even knows the vulnerability exists.

Targeted attacks and persistence

When an attacker targets a specific organisation, they bring a level of persistence and dedication that can be particularly hard to defend against. The recent breaches against the UK government highlight how attackers can be tenacious. They often spend a significant amount of time gathering intelligence on their targets, understanding the organisation’s structure, identifying key personnel, and mapping out the network.

Advanced Persistent Threats (APTs) are a type of attack where the intruder establishes a long-term presence on a network. These attackers can remain undetected for months or even years, slowly exfiltrating data and weakening defences. Determined attackers will use multiple vectors to gain access. If one method fails, they will try another, employing a combination of phishing, exploiting software vulnerabilities, and using stolen credentials.

The cybersecurity playbook

Given the relentless and inevitable nature of cyber threats, organisations must focus on mitigation rather than prevention. Here are some key strategies:

  • Layered Defence: Implement multiple layers of security controls to protect against different types of threats, including firewalls, intrusion detection systems, and endpoint protection.
  • Regular Updates and Patching: Ensure that all software and systems are regularly updated and patched to fix known vulnerabilities.
  • Incident Response Planning: Develop and regularly test incident response plans. Being prepared to respond quickly and effectively to a breach can minimise damage.
  • User Education: Educate employees about the dangers of phishing and other social engineering attacks. Regular training can help reduce the risk of human error.
  • Continuous Monitoring: Implement continuous monitoring to detect and respond to suspicious activity in real time, using Security Information and Event Management (SIEM) systems and threat intelligence.

Embrace the challenge

While it may seem disheartening, acknowledging that no system is entirely secure is a crucial step in bolstering defences. Cyber attackers are relentless, resourceful, and persistent. By understanding the nature of the threat, organisations can adopt a more resilient approach to cybersecurity, focusing on mitigation and rapid response. The recent breaches against the UK government serve as a stark reminder that vigilance and preparedness are paramount in the ongoing battle against cybercrime.

In the end, think of cybersecurity like a game of chess against a grandmaster. The moves are endless, the strategies complex, and the stakes incredibly high. But with the right defences in place, you can stay one step ahead, turning your organisation into a fortress that, while not impenetrable, is formidable enough to deter even the most determined attackers.

“You don’t have to run faster than the bear to get away. You just have to run faster than the guy next to you.” ― Jim Butcher