Jennifer Arcuri is a certified ethical hacker, and founder and CEO of Manchester’s soon-to-launch Hacker House, which aims to educate the industry on the cyber security threat.
In the past year, the police and media reports have gone wild, and word has spread across the industry — cyber attacks are at an all-time high and scaling.
Through our vulnerability penetration testing and consultancy work, the team at Hacker House has seen ransomware rise exponentially, now peaking within small businesses across the UK.
The ugly thing about ransomware is that it spreads, mutates and can learn how to outsmart your system. Malware enters through an insecure network, just one web application left open and running — with one compromised trust boundary. That means just one computer in a colony of secure computers can be the broken link that undermines the entire network.
Failing to set up security properly within your company can stagnate and ultimately paralyse your business. And all it takes is one computer.
And then you get the ugly note.
“Please pay HERE [with bitcoin] within 24 hours to decrypt your files.”
What a waste of energy and resource for professionals who have no time to worry about the integrity of their data. The only feasible option to decrypt your files is to pay the cyber criminals and plan a better strategy moving forward.
After all, it’s only a ransom of £1000 — it’s ‘do-able’ for most companies.
But what next?
The problem with paying cyber criminals is that you never know what you don’t know.
Who’s to say they won’t leave a back door on your server so that in a few months’ time, they claim the right to re-ransom your files? And because you’ve paid the first time, chances are, you will pay again.
Then there’s the problem of accountability. Who’s responsible? Is it the job of law enforcement to trace route packets for every case? Is it the facilities management company that is paid a monthly fee to set up and manage emails and Wi-Fi? Or is it simply the company’s fault? And if so, how do they ensure their network is secure from now on?
Isn’t there an app for that?
Instead of the same circular conversation around what automation tool you can use to defend your perimeter or access encrypted files, there is an inevitable need for human skills. When setting up security infrastructure you can’t rely on one automated tool. There are too many attack surfaces and way too many vulnerabilities.
You need hackers
Automation saves a lot of time and is very beneficial. However, at the end of the day, you need people who know how to break in — your business needs hackers. Hackers are fundamental to the internet’s immune system and a key ingredient to your security. Hackers are the only ones who will accurately test where your vulnerabilities are and point out where weak links exist or form inside your business.
Securing a network is not just about an intrusion detection program, another firewall, or a VPN redirecting traffic. Because of the burgeoning threat exposure through the IoT and shared economies, which nurture vulnerabilities at scale for both business and government, there is no other way to drive solutions more effectively than to empower skills.
Despite all the incredulous naysayers, the market will force a focus on new ways of thinking. ‘Hackers’ will actually be seen as alchemists rather than mischievous basement dwellers.
Hacker House, the cyber campus for product, innovation and skills, has started security consulting on such topics. Our team of ethical hackers serves clients from large corporates to small startups and witnesses the same trends across the board.
In order to effectively address the root of the issue, we have to start mandating awareness for how a digital economy transforms our personal and professional security and online data.
One of the core values of Hacker House is the notion of ‘buon pastore’ — being a good shepherd — not just to our friends, families and team, but to our devices.
Guard your devices online and don’t wait for that note to arrive in your inbox.