Is weak cyber security making the internet more vulnerable?

As National Cyber Security Awareness Month shines the spotlight on the issue, Dr Tariq Abdullah, Academic Lead for Computing & IT at University of Derby Online Learning discusses whether the internet is becoming more vulnerable.

A year of cyber attacks

This year has seen some of the most notorious cyber attacks to date. They have become more critical and sophisticated, and have predominantly targeted corporate and government bodies.

A damaging attack of Mirai malware in 2016 transformed embedded devices running Linux software into remotely controlled ‘bots’ with exclusive access to devices. This was an indication of threats attached to evolving IoT (Internet of Things) based solutions. Low cost smart gadgets like IP cameras and home routers were remotely accessed to execute malicious attacks on target organizations.

On 27 May 2017, an IT disaster struck British Airways when an ‘uncontrolled return of power’ caused its booking system, baggage handling, mobile phone apps and check-in desks to stop operation. As a result, BA had to cancel all flights from Gatwick and Heathrow.

Again in early 2017, ransomware WannaCry unleashed its malicious attack on a global scale. In the cases discovered by The Guardian newspaper, Russian Interior Ministry, FedEx, NHS and universities in China were affected. The threat of a similar attack by a new version of the ransomware, WannaCry2.0, has also been reported, demonstrating the urgency to invest in research of cyber security analytics.

Another massive cyber-attack on Equifax, the credit monitoring agency, reported that 143 million US customers’ personal data was leaked in May 2017.

How do we stay protected from cyber-attacks?

We are entering an era of global connectivity, where even a small-scale enterprise will generate, store and process a vast amount of data thanks to access to inexpensive hardware devices and virtual technologies. But progress brings challenges, and our existing security solutions are insufficiently designed to handle the evolving threat of cyber-attacks.

We undoubtedly need a solution that can handle big data, from collection and storage to meaningful classification in the cyber space.

A calculated cyber-attack by an adversary or accidental hardware fault should be prevented with adequate measures with the least disruption to the quality of service. Security solutions should be part of the design for new projects, and existing solutions need to keep systems updated and heavily invest in artificial intelligence and machine learning to protect from cyber threats.

Artificial intelligence techniques and machine learning algorithms can detect anomalies from a vast set of data patterns or spot unusual activity based on different factors.

The unprecedented Distributed Denial of Service (DDoS) attack on the Internet Service Providers infrastructure via Mirai botnet, the hack on UK’s TESCO Bank that resulted in a loss of £2.5 million from 9,000 people, claims of Russian influence by current USA administration during the presidential election, and renewed efforts of Republic of China to guard sensitive installations from intrusion are bringing together academics, policy makers, IT experts and commercial interests in this critically important cyber security domain.

In the last quarter of 2016, International Data Corporation forecasted that cyber security related expenditures will exceed $100 billion USD by 2020 with 38% increase from 2016. The UK Exchequer alone has setup £2 billion budget that will be dedicated to a new cyber security department.

For further press information please contact the Corporate Communications Team on 01332 591891, pressoffice@derby.ac.uk or @derbyunipress

Join the conversation

  • Flavio Pastore

    A large part of major companies victims of last IT disasters are not enough protected in their own basic network system and security architecture against cyber attacks. Their hardware and software systems are old and vulnerable, so requiring right patches and updates. This does not means that these companies have to completely set up a new infrastructure, but just make “simple” updates of their old (Windows) OS , their LAN/WAN network systems and other security basic encryption rules. It is not so much expensive compared to other investments, they only need a smart use of available resources (for example Linux and other free OS might be a possible cost saving measure).

  • Muizudeen Kusimo

    Given the knowledge gap between attackers (who know of several more exploitable flaws) and defenders, it becomes imperative that the Security community needs to do more in sharing information related to fixing vulnerabilities in software and IT systems as breaches are often a question of “when a target” not “if a target” will be breached. In addition, more self-service SaaS or stand-alone products finding and fixing different types of vulnerabilities can serve as a pro-active measure for individuals and corporations to stay secure.

You might also like