It’s a question of when, not if, a major cyber-attack will happen according to Ciaran Martin, the head of the UK’s National Cyber Security Centre.
The number of attacks keeps increasing and they target different levels of equipment – from personal computers and the servers that keep the network operating to the internet-connected devices that keep power plants running.
If it’s likely that we will experience an attack, then we need to think about the impact it will have on the things we do to figure out how to respond.
For example, the first things to go down are often the major websites – the news channels, search engines and social media platforms.
We are instantly more isolated – we don’t realize how much we depend on communicating through the internet these days until it goes down.
With the networks down, the people most at risk are vulnerable ones on their own – do governments have contingency plans to ensure their safety?
Some attacks are untargeted – affecting people by infecting the systems they use, while others are targeted against specific companies or sectors.
The UK energy sector, for example, is classed as critical infrastructure and is regularly attacked as part of an ongoing campaign of espionage.
As we move to a decentralized system of energy generation and usage – with the devices that make energy like solar panels and the devices that use energy like fridges and washing machines all connected – we dramatically increase the number of devices that can be attacked or used in attacks.
That means the security processes we follow need to apply to more than just our computers but to the rest of the devices we have – and traditionally that level of security has been overlooked.
We also need to think about the information associated with these systems and where we should keep it.
For example, with the increasing use of cloud computing, we need to have access to the internet to use many services and access data.
Cloud computing specialists, in theory, should be better prepared and have the security systems and people in place to manage risks and stop attacks.
But can we trust them? Uber hid a breach and paid hackers who stole the information of 57 million of its users and drivers.
If the information was kept on a local server, however, what greater assurances do we have that it’s safe from a determined hacker?
It’s clear that there is a threat to us. And we need to be prepared for it.
As the old proverb goes – forewarned is forearmed.