Welcome to day two of our first Expert Week. We like to be in a constant state of learning here at UKFast, and there’s no better way to educate ourselves than spending time in the company of experts. With cybersecurity at the top of the agenda for every online business, it seems the perfect time to get up to speed with all the ways that an attack can strike.
Our second of five of experts over five days is Scott Helme. Scott is a security researcher, international speaker and author of his cybersecurity blog scotthelme.co.uk. Scott is also the founder of securityheaders.io and report-uri.io, two free tools to help organisations better deploy your security.
Here’s our chat with Scott:
Cyberattacks do happen, they’re not just a thing that happens to other organisations that you see on the news. As for hackers, their motivations for what they do can vary drastically from financial motivation to revenge to doing it just for fun.
Hackers can be anyone. They could be a single person working along or a group or organised criminals. Most of the time hackers are looking for a financial reward from their work but there are also a few politically motivated groups too.
No. Large corporations are lucrative targets but it can be difficult to attack them successfully. An attacker will always choose the path of least resistance to achieve their goal, that could mean attack large companies, small companies or individuals.
Ransomware is a particularly nasty type of malware, malicious software that somehow gets installed on your computer. Once on your compute it will encrypt all of your files and force you to pay a ransom to decrypt them or you lose them.
One of the most important things people can do is to keep their systems up to date. If you use Windows, Mac, Android, iOS or anything else, always install updates as they become available.
Ransomware is a type of malware. The term malware comes from (mal)icious soft(ware) and is any software that does bad things when it gets onto your device. Ransomware will hold your files to ransom and force you to pay to get them back.
There are various ways someone can be hacked and a lot of the risk can be reduced with good hygiene. Use a password manager to avoid having the same password on multiple services, install updates regularly, don’t ignore security warnings on devices and browse websites using https where possible.
The specifics here depend on what happened but there are a few steps that users and organisations can take. First of all, don’t panic. Establish what has happened before you take any action. Next is to prevent further damage, so perhaps reset passwords or isolate an infected machine depending on the circumstances. Once the problem is isolated and resolved, understand what happened and implement changes to prevent it happening again.
Be vigilant and question things. If an email doesn’t quite look right, verify it. If you see something that you think is a risk, raise it. One of the most valuable things an organisation can do is staff training and awareness. Empower employees to be able to take responsibility for security and encourage them to improve it.