18 May 2017
Two years ago, in our Vision 2015 document, we asked the question: “How well prepared is the world to counter the growing threat of cybercriminals?” The answer then was insufficiently, and latest developments appear to suggest that the answer hasn’t changed.
Since we wrote that piece, hacking has emerged in various forms. We have seen many thefts of client data, including, for example, passwords and bank account details, which have dealt enormous reputational damage to the companies involved, although it is rarely made clear how that data has been exploited. Worryingly we have seen hackers intervening in politics, with the hack into the Democratic Party’s e-mails possibly changing the course of American history. Another high-profile problem has been distributed denial of service attacks, which effectively flood a web-site or e-mail account with traffic, making it unusable. Last Friday’s WannaCry virus has taken the problem to a new level.
Ransomware, where the hackers demand payment to allow users to re-access their systems, is not a new phenomenon, but the scale of this attack is unprecedented, not only in its size but also in its global reach. The fact that the UK’s National Health Service was a victim is also something of a game-changer. This is not some faceless, multi-billion dollar “fat cat” corporation which many might feel could easily afford to cough up and make the problem go away. This is a cherished (even if often maligned), cash-strapped institution which underwrites the nation’s health. Reports that cancer patients were denied their chemotherapy and that some operations were halted in mid flow are alarming. This incident will massively increase awareness of the threats and, in all probability, raise spending on defences.
It must be said that the NHS appears, in initial reports, to be somewhat complicit in its own fate by using antiquated computer systems and failing to update security despite numerous warnings. We can learn from this. It is very easy to become complacent about one’s own personal on-line security. Make passwords more resilient, back up important data and never open a dodgy looking e-mail, especially one that purports to come from your bank or HMRC, two favourites of the “phishing” community. Businesses and individuals alike need to prioritise spending in favour of defensive measures. My feeling is that it is this sort of spending that is weighing on productivity growth, but it seems to be unavoidable. Other similar examples are airport security and any number of health and safety measures