High-profile data hacks

Earlier this month, NHS hospitals in London declared a critical incident when Synnovis, a private firm outsourced by the NHS to provide pathology services, was targeted by a ransomware attack launched by a Russian cyber-criminal gang known as Qilin. In ransomware attacks, cyber gangs such as Qilin usually steal or encrypt data and demand a ransom for its return. 

Recent reports have stated that Qilin has published around 400GB of sensitive extorted data, which includes patient names, dates of birth and NHS numbers. The attack has also resulted in widespread disruption across six NHS Trusts. Disrupted IT systems have hindered the processing of thousands of blood test results and had a knock-on effect on operations. These disruptions are predicted to continue for several weeks.

Ticketmaster attacked

Other high-profile attacks this month include the ransomware attack on Ticketmaster by a hacking group known as ShinyHunters. The group has stolen personal information, including names, addresses and credit card details, of more than half a billion customers, making it one of the largest data breaches in history. 

The hacking group has demanded a ransom payment of around £400,000 to prevent the data from being sold on the dark web. This hack has been linked to Snowflake, a third-party cloud-service provider for many organisations including Ticketmaster and Santander, which also reported a hack that has led to the data of 30 million customers being stolen. 

These high-profile attacks highlight the importance of understanding how outsourcing and third parties in the supply chain can affect your organisation’s internal cyber security. Organisations should consider the increased level of risk when third parties have access to important systems and sensitive data. Having visibility of this and managing the risks, including maintaining an effective incident response plan, is fundamental to recovery. 

Organisations should prioritise the protection of their data and systems, at risk due to evolving ransomware attacks. The National Cyber Security Centre (NCSC) has noted that cyber gangs are now evolving to conduct ‘data theft and extortion only’ attacks, without deploying any ransomware to victim systems. These types of attacks are more commonly used against organisations where data privacy is vital, such as in healthcare services. 

Paying a ransom does not guarantee that stolen data will remain safe or that malicious software will be deleted from systems. Industry experts believe that paying a ransom acts as an incentive for criminals to continue to pursue such attacks. The US company UnitedHealth Group, for example, made a substantial ransom payment earlier this year. Instead, the focus of organisations should be on prevention and growing cyber resilience, and as we highlighted last month, NCSC has issued joint guidance with the cyber insurance industry urging discipline in the refusal to pay ransoms. 

AI-enabled cyber security

Research conducted earlier this year by Microsoft in Collaboration with Goldsmiths, University of London, found that in the face of more sophisticated and frequent cyber attacks, 39% of organisations in the UK are still at ‘high risk’ of cybercrime and likely to be unprepared to mitigate or respond to attacks adequately. 

The report noted that only 13% of organisations in the UK can be classified as ‘resilient’ in cyber security performance. What differs between these organisations is that ‘resilient’ organisations are more likely to be secure by design and are increasingly investing in tools using AI that can detect and respond to cyber-security threats, while ‘high-risk’ organisations are still largely tech-averse.

Indeed, AI is playing a vital role in enhancing cyber security. Earlier this month, Google announced plans to launch a new cyber-security product that uses the underlying Gemini 1.5 Pro large language model to analyse code, suggest methods to disable attacks and create threat reports for businesses and boards to assess the risk and impact of attacks. 

Furthermore, AI-focused cyber-security start-ups that are enhancing threat detection and response are gaining increased interest among investors. Seven AI, which is developing an AI-powered cyber-security system for organisations, announced that it has raised $36 million in funding for this solution. More widely, cyber insurance companies are also investing in AI-based systems for real-time risk assessments. 

It’s important that businesses don’t fall behind and that senior stakeholders can assess how AI investment may create opportunities to improve their cyber resilience. NCSC’s Board Toolkit is a useful resource that covers how organisations can view cyber security strategically to ensure this area is given appropriate investment against other competing business demands.

It’s also important for staff, including finance professionals who are often targeted by cyber criminals, to upskill their skills and knowledge of AI. ICAEW members can learn more about the basics of generative AI in ICAEW’s Finance in a Digital World e-learning course.

Heightened risk ahead of election 

The National Security Strategy Committee has warned the UK government that there is an increased risk that hostile foreign actors could interfere in the upcoming general election by targeting public institutions with ransomware attacks and spreading misinformation using deepfake technology. 

Along with campaigns to cause disruption, cyber-security experts are predicting a rise in scams, including the use of phishing emails to steal sensitive information and fraudulent requests for donations in the guise of fundraising for political campaigns. 

The NCSC and the US’s Cyber security and Infrastructure Security Agency have issued guidance for high-risk individuals, including elected officials and non-profit and civil bodies, with recommendations on how to mitigate cyber interference with limited resources.

It is also recommended that organisations and staff continue to remain vigilant. Take Five is running a national campaign to provide individuals and businesses with a toolkit to identify fraud where criminals may impersonate trusted organisations through emails or phone-calls.

The NCSC has also published new guidance on how to prevent business email compromise from phishing attacks, which recommends reducing your digital footprint and implementing two-factor verification. The NCSC’s 10 steps to cyber security also helps organisations adopt important security measures to prevent and minimise the impact of cyber-attacks.

Want to learn more about cyber security?

Visit the ICAEW cyber security webpages.

Got an interesting cyber story for us? Email techfac@icaew.com