Justin Skelton Managing Director of Apex Training and Development gives his view on why we need a radical approach to cyber crime.
My reading of the NHS hack is that it originated with a phishing email which was sent to an NHS member of staff who clicked on a link and somehow gave permission, enabling the email to encrypt the computer and then the system.
The lack of a patch enabled all the machines in the system to become zombies.
Let’s think about this like HIV. The person had unprotected sex and the lack of effective inoculation (the patch) allowed the virus to develop.
So putting it simply it happened because a person consented to something risky allowing the email into the system and the lack of the patch meant that the system was not equipped to defend itself.
- Human consent
- Lack of patch.
In the case of a pandemic a coordinated approach is used to blend education with inoculation and cures in order to contain and finally eradicate the disease.
We need to start looking at cyber attacks in exactly the same way.
The cure doesn’t lie simply in patches and software. This is a training issue.
I would like to ask everyone reading this article to consider how well they have been trained to identify cyber threats and also to consider when that training was last updated.
And I would urge any employee who has not been trained in information or data security to ask their boss, first thing on Monday morning, when they will be receiving that training.
We have got to start treating this like a pandemic. We need better cures but first we need better education.
Here are 5 common danger signs of phishing email:
- Urgent requests – The email request demands immediate action e.g to pay an invoice, win a prize or prevent a risk.
- Poor spelling and grammar – The email contains spelling mistakes or bad grammar.
- Anonymous recipient – The email begins with Dear/Sir/Madam
- Unknown attachments – Any attachment no matter if it comes from a trusted sender can be trusted. Upload it to: www.virustotal.com to be sure.
- Misdirection – When you hover your cursor over a link the tooltip shows a different url to the link.
Our company Apex Training & Development is accredited in ISO27001 and is a provider of City & Guilds accredited Information Security elearning. We can have employees trained at one day’s notice, so there is no reason why this training can’t be provided now.