What the Foreign Secretary’s Covid-19 Briefing Said About Cyber Security
If you are as obsessed as I am about the daily Covid-19 briefings from Number 10, you’d have heard the Foreign Secretary, Dominic Raab, make specific reference to cyber security on Tuesday 5th May. As this is something in the briefings that I actually understand (for once!) I thought I would take the opportunity to discuss it.
If you would like to read the transcript of what he said in its entirety, you can find it on the government website by searching for “Foreign Secretary’s statement on coronavirus (COVID-19): 5 May 2020”.
Mr Raab confirmed that the government is aware that cyber criminals are targeting individuals, businesses, and other organisations by deploying Covid-19 related scams and phishing emails. He referred to ‘advanced persistent threats’. These are networks of hackers using sophisticated techniques who are not specifically looking for short term gain, but instead infiltrating computer networks slowly over a long period of time. Social engineering is used in most APT attacks, a term given to when people are conned into giving out important and private information such as passwords and bank details.
Though it is unlikely that a small business will be an initial target of a world-renowned APT, the same methods are often used by all hackers to steal passwords, data or money from individuals, businesses and organisations of all sizes and it is important to know their methods and be aware that you could be at risk. As Mr Raab went on to say, making sure people are aware of cyber threats, the steps necessary to protect themselves or mitigate the harm that could be brought against them are the most important measures that can be taken against any cyber threat.
He announced that the UK National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency have published a joint warning about APTs to potential targets, specifically a warning to healthcare organisations to ensure that everyone is using a secure password, and this makes reference to ‘password spraying’ attacks where access to a large number of accounts is tried using commonly used passwords.
It is acknowledged that cyber criminals are seeking to exploit the Covid-19 pandemic through malicious cyber activity, targeting healthcare bodies, pharmaceutical companies, research organisations, and local government and whatever the objective this activity will continue and evolve over the next few months. Although Mr Raab said that the current attacks are ‘designed to steal bulk personal data’ and ‘are often linked with other state actors’ this does not mean that only the NHS or the government are at risk or that individuals or smaller organisations are immune.
Mr Raab recommended that everyone takes a look at the National Cyber Security Centre (NCSC) website for practical advice to safeguard against cyber-attacks – for example the use of passwords and guidance on trusted sources of online information relating to Covid-19. There is a very good section specifically for small businesses that he didn’t mention that I would highly recommend.
He concluded that the UK will ‘counter those who conduct cyber-attacks’, work with international partners on response to cyber threats and ‘deter the gangs and the arms of state who lie behind them’. Hopefully he and GCHQ will continue to do that very much behind the scenes, and we’ll never know what really goes on in that regard.
In conclusion, the Foreign Secretary’s briefing was probably aimed at reassuring the public that major healthcare organisations and government agencies were being given special attention during the current upturn in Covid-19 related cyber attacks, but individuals and smaller business should also take note as much of the advice is relevant to them as well.
iTeam Solutions Ltd.