28 SECURITY FOCUS Cyber Threats
million. “Some kids do it for kudos. Or some kids from a neurodiverse spectrum might do it because they can, but they don’t understand that it’s a crime,” says Onuoha. But the hacker that is the most common is the one inside, an employee – or ex- employee – with a grudge to settle or a desire to steal or destroy a company’s assets or reputation. DEFENDING TRUST A hack can create damage to brands and real physical damage to infrastructure, but the real damage in an attack on broadcasters, Onuoha says, is to public trust and confidence. “We’ve read enough in the news to realize that there’s fake news, there are bot farms. We’re wary of that. The real danger is in breaking that highly trusted relationship with a reliable news source. Those are the attacks that undermine people’s confidence in the institutions. It’s a psychological attack,” he explains. “If there is a cyberattack on a major broadcaster in the UK or the US, it will rock people’s minds. They’ll feel like they’ve been burgled. It creates vulnerability. When we look at it from a risk perspective, it’s not that a public broadcasting service would lose advertising money – they have no ad revenue – it’s more the psychological attack, that we’re vulnerable. And no one likes to feel vulnerable.” He concludes: “Broadcasters have to take cybersecurity very seriously, because we are the stewards. Sure I have analysts and influencers I follow, but when I want to get the whole picture of the news, I go to that trusted source.”
BROADCASTERS HAVE TO TAKE CYBERSECURITY VERY SERIOUSLY, BECAUSEWE ARE THE STEWARDS
them open to being targeted. If someone is watching religious programmes, knowing that could be helpful, say, in an election. Or if everyone streamed a major world sports event and you could access their habits, you had their IP addresses – which is classed as personal data in Europe – that’s a problem.” WHO ARE THEY? The lone nut hacker seeking revenge from his basement is more often the exception than the rule among today’s cybercriminals. Attackers fall into several categories. First, there are the organisations employed or directly run by nation states. They may be surreptitiously seeking advanced information and intelligence or looking to cause disruption, or their activities may be part of ongoing warfare between two belligerents. Hacking is a clandestine activity, and rarely are its perpetrators immediately identifiable. It’s easy to hide your tracks, and false flag attacks, where an attacker claims to be someone else, seem almost mandatory. “If someone is hacking me, they may actually go through different geographical locations and it will look like someone from there has done it. It’s a borderless crime.
You can do it from anywhere,” points out Onuoha. Organised crime is another major perpetrator. These operations won’t be run by gangsters in a warehouse by the dock, but by computer science graduates from major universities. Insider trading is a big earner. At the end of last year, UK authorities began investigating reported security breaches at the Bank of England, which allowed hedge funds early access to an audio feed of market predictions. As Onuoha says: “Seconds do matter in this day and age, where you can make quick decisions and quick transactions.” Hacktivists – hacker activists – are a third potential threat. These could be anyone from activists trying to get out a message, to political operatives trying to take down a major election. Occasionally, hacks are carried out by young people or someone who doesn’t understand the impact of what they’re doing. Most of this time this is not much more than digital graffiti. But in the TalkTalk hack in 2015, a 17 year old posted details of a hole in the British telecom company’s security, which led to a major security breach and the ransoming of stolen data. TalkTalk estimated its total loss at £70
Powered by FlippingBook