Bedroom hackers ‘bigger threat than Russia’
GOVERNMENT departments should be more worried about teenagers hacking from their bedrooms than state-sponsored cyber-terrorists, the Information Commissioner has warned.
In a speech to the heads of the Civil Service and other public bodies, Elizabeth Denham said that most breaches were preventable and bosses should consider the reputational damage as well as financial losses. But rather than panicking about rogue states hacking into their systems, departments and public bodies should plan to protect themselves against teenage boys who attack simply to show that they are able to, the regulator warned.
“We make a mistake if we throw up our hands and worry about state-sponsored attacks – we know those are rare,” Ms Denham said.
“You should be worrying about the malicious kid in his bedroom who hacks in to your system because he can. Or the opportunistic thief who understands the value of the data you hold and knows how to get his hands on it. Because you left the door wide open.”
There is rising concern about the impact of a state-sponsored attack on Britain’s public services, particularly from Russia. Boris Johnson, the Foreign Secretary, recently warned the Kremlin that Britain would react in kind to any cyber attack.
In reality many of the most high-profile attacks have proven to come from much less powerful sources. Kane Gamble, who is awaiting sentence, was just 15 when he gained access to the computers of America’s top spy chiefs, including the head of the CIA, from his Leicestershire bedroom.
Ms Denham told the Association of Chief Executives and the Public Chairs’ Forum that despite complaints about resources in the public sector, cyber breaches such as the Wannacry attack on the NHS cost more in the long run.
The international ransomware attack disrupted more than a third of trusts in England and saw 6,900 NHS appointments cancelled. Ms Denham said: “I ask you to consider the risks. Think of the true cost of a cyber breach, for example. It will cost you money but it will also cost you your reputation, trust and social licence. This is collateral damage. Yet most cyber breaches and attacks are preventable.
“The high-profile attacks on Talktalk and Carphone Warehouse would not have happened if they had put rudimentary protections in place. And if NHS systems had been patched and up to date, they would have been protected from Wannacry.”
The EU’s General Data Protection Regulation, a framework with greater scope and much tougher punishments for those who fail to comply with new rules around the storage and handling of personal data, will replace the Data Protection Act in May.
Ms Denham said that the new regulations bring the legislation “in line with our 21st century world”.
“It gives greater control to people about how their data is used and it compels organisations to be transparent and account for their actions,” she said during the speech on Friday.