Across the world, tens of thousands of organisations have been infected by a ransomware virus, causing chaos in our NHS. In London, Cobra has been convened; in Moscow, sources claim they have been worst hit; in the US, numerous companies, including FedEx, were thrown into chaos.
The virus, called WannaCry, infects vulnerable networks and, unlike other malware, can navigate to the most vulnerable machines in that network, explaining how it has spread so fast and far. WannaCry scrambles files and demands a ransom of £230 to restore them. In the UK, it has wrecked havoc in many hospitals and health organisations, some even closing to anything but the most essential care.
It is the largest public cyber attack for years and the shock of it in this country alone, targeting the NHS and risking lives, is profound. We should not be surprised though; cybercrime has been steadily growing in prominence and is becoming the new weapon of choice for criminals. It is cheaper, easier and significantly more effective than traditional methods. If you want to steal information, money or even just damage or embarrass targets, this is the most effective, modern way to do so.
Any organisation could be victim to a cyber attack; governments, banks, insurance companies and now even our hospitals. It is the reality of living in the digital age; our information and infrastructure are at risk from an attack anywhere in the world. It isn’t new; cyber crime has been the new threat for years.
And it isn’t just the new weapon of choice for ‘traditional’ criminals. Terrorist groups, foreign governments and activist groups utilise hacking. The cyber attack that released information from Hillary Clinton’s US presidential campaign last year helped to derail her (although her defeat was the cause of far more entrenched problems, starting with the candidate herself.) A similar but unsuccessful attempt was made against Emmanuel Macron’s French presidential campaign. In 2013, the Huffington Post, Twitter and the New York Times lost control of their websites after a Syrian group attacked media outlets they believed were hostile to President Assad. Then there are the activists who find it an effective protest tool, using hacking to attack corporate, religious and government websites.
Cybercrime, cyber terrorism and cyber warfare are the future. To prepare us, organisations must upgrade and improve the security of their networks. It will be expensive, but at the cost of embarrassment, lost profits or the risk to lives, like the attack on our NHS, it is necessary. All organisations have a duty to keep their consumers or users’ information secure. The UK government and others around the world must divert more resources to combat cyber attacks of all sorts. The ability to prevent and yes, carry out our own cyber attacks, is becoming an increasingly important part of the UK’s national and global security.
Improving the UK’s technological infrastructure isn’t the only part of the solution. This recent attack has struck 100 countries, demonstrating that this is a global problem and therefore will require international cooperation to solve it as well. Attacks can be carried out with deniability from anywhere in the world. We must work together with our partners to ensure that not only can we prevent these attacks but also so we can bring these hackers to justice wherever they may be.
This attack on our NHS is heartless, it has risked lives across the UK and shocked us all, but it is not the worst-case scenario. A successful cyber attack could cause a financial crisis, switch off our national defences, undermine our democracy and cause immeasurable damage to our societies. This future threat has been here for a while, action has been taken, but we have a long way to go to protect ourselves. It is time to act, with our allies, before the situation becomes more pressing and the consequences even more damaging.
Written by James Clark