Cyber Security

Cyber security has become one of the world’s major potential threats, both to individuals and leading companies and businesses. Last year the ransomware attacks hit banks, hospitals, and companies in 150 countries. Huge organisations were compromised, including FedEx in the US, Renault factories in France and the NHS in the UK. In Germany, train arrival and departure boards were hacked and had to be replaced by chalk and blackboards.

More recently, computer processor vulnerabilities known as Spectre and Meltdown, have emerged to possible dangers for users, and caused problems for huge providers such as Apple.

Spectre and Meltdown are the collective names for three different vulnerabilities found in the processors powering a vast number of the computing devices we rely on, including laptops and smartphones. These particular software vulnerabilities, like all others, are reported and catalogued in a database where they have a unique identifier so everyone can know when they're talking about the same problem. In this case, CVE 2017-5753 and CVE 2017-5715 are two flaws that have been collectively branded as Spectre, while another is called Meltdown.

Basically, these particular vulnerabilities come from a method called speculative execution, where a processor tries to predict what the user will do next so that it will be ready and therefore run faster. This is a feature of modern processors, rather than a bug, and it has existed for around twenty years, rather than being some new fault.

Many of the explanations of speculative execution online compare it to a drive through restaurant, in that a computer chip will essentially guess what information the computer needs to perform its next function in order to make it work faster, just like a drive through restaurant will prepare food in advance in order to speed up their service. The problem with this emerges because while the computer chips guess what is going to be needed next, that sensitive information is momentarily easier to access and therefore vulnerable to hacks. The video below explains this in a bit more detail.

Processors are of course vital to running our computerised devices, so vulnerabilities like these are obviously a worry to the individuals who use them, and in particular to the huge companies who provide them.

In terms of how this affects us all directly, however, it merely brings up the major issues of cyber security in general. Recently, managing director of Which?, Alex Neill, wrote in The Guardian: ‘your name, your email address, your home address, your bank details, your credit or debit card details…as more and more of us report sharing an ever increasing volume of our personal information online, is enough being done to keep it safe?’

Neil explains that the more information we share, the greater the risk of falling victim to data breach. This can lead to everything from needing to update all your passwords, to the more extreme cases of losing important, personal data that could have serious consequences, including leaving you at greater risk of fraud. He suggests that the data protection bill, which is currently being debated in the House of Lords, be amended to give greater protection to consumers by allowing independent companies to have more power and responsibility to protect their companies.

For now, many people feel the need to act individually to protect themselves and, in many cases, their business, because when it comes to cyber security, getting ahead of the game and understanding advancing technology is an urgent priority.

As cyber-crime rises, and with the forthcoming General Data Protection Regulations (GDPR) on 25th May 2018, South West College is offering the opportunity to learn more about this new challenge with three free sessions that will look at the common features of cyber-crime. These workshop will highlight the techniques, tools and legal requirements necessary to reduce these crimes within your organisation, and encourage participants to ask important questions: Are your systems secure, or are changes required to meet GDPR? Is your anti-virus protection as effective as it could be? What is the procedure in the event of an incident? Are your staff able to prevent information leaks? Are they responsible for them?

If your organisation is unsure on any of these questions, feel free to come along to one of these free workshops, where the crucial world of cyber security will hopefully become a little more clear.