It’s no surprise that in the past couple of decades hacking has been on the rise, crime in the virtual world is harder to trace and it most certainly pays, but too many of us had taken and continue to take a relaxed approach to our security which is rather alarming, most of us assume due to news reports that it was predominantly big companies that came under fire by hackers which inevitably paints a false picture. Putting things into perspective, big companies make up just 5% of all businesses worldwide. That’s not a lot of money to go around cybercriminals, and as big businesses generally have their finger on the security pulse they are usually better equipped in the prevention, blocking and recovery from ‘known’ attacks, whereas SMEs which account for roughly 400,000,000 or 95% of global businesses and account for upto 70% of all employment are not as well protected, if at all, therefore they have been up until more recently an easier target.
However, though these attacks are certainly on the rise, large groups of hackers have decided to once again pay more attention to the source of connectivity, so instead of just going after a companies in-house network they are going after a service provider such as Microsoft finding ways to infiltrate such things as Office 365 or Teams, providing the hacker with a multitude of companies, client and other data all in one hit, which understandably is a more favourable approach as it’s can take the same amount of time to access, infiltrate and the rewards are far greater and on-going, and though these tech companies are doing everything they can to protect their customers it’s usually too late and the damage is done. It now takes a hacker on average 72 hours to completely compromise a network and upto 3 months on average for the tech company to become aware of the attack and to release a patch for that doorway in. For example on 19th April 2022 Lenovo announced an additional critical patch had been released for their software following an investigation by ESET which found a compromise dating back to October 2021, ‘YES’, October last year! A whole 5 months after the event, ESET discovered serious vulnerabilities affecting more than 100 different laptop models, this was following several patches made on 12th March 2022, well if you think that in the first quarter of 2020 alone Lenovo sold over 17.4 million laptops and in the second quarter of 2021 they sold over 20 million, then there was quite possibly hundreds of millions of vulnerable laptops worldwide that could have been affected, but we just don’t know for sure and will likely never find out as just like all big tech companies seem to do nowadays, they provide little more information other than the fact the vulnerability was discovered and later patched, never truly being held accountable, and as the software is integral to the business without a like for like software available on the market, it does not bode well for the end user, in fact it leaves grave concerns when vulnerable software is being used to control electric vehicles as it will surely lead to life and death situations.
Last month (March 2022) a 19 year old tech security specialist used a third party software app to hack into 25 Tesla’s in 12 different countries, he was able to collect every bit of each vehicles data which included private information stored through the owners smartphone via the infotainment system, he was able to take full control of each car, and it’s not just the vehicles that are vulnerable to attacks, the whole EV charging infrastructure is at risk too, only a few weeks ago on 5th April 2022 all three of Isle of Wight’s charging points were hacked putting the chargers out of use and displaying pornography, which shows the drastic need for a much higher form of cybersecurity is needed for EVs and in order for consumers to feel confident enough to give up their combustion engine vehicles for an electric one, but the issue is far from straightforward to resolve as intelligence firm Mandiant along with Google’s bug hunting team Project Zero discovered from their investigations ending last year, unless a vulnerability is known about then it’s pretty near on impossible to know about it until it is brought to the software developers attention, which means that either a hacker makes you aware, or your in-house team discovers the vulnerability first, but that of course still leaves the door wide open to unknow vulnerabilities which is a real problem, like we learnt this month after Downing Street announced it was the victim of a powerful spyware security breach which took place back in Jul 2020, the British National Cyber Security Centre was unable to locate the devices in question or what data had been taken.
And as we can see nothing that is connected to the internet is safe, we have become extremely reliant upon it and therefore should take our security and backup plan more seriously. Fortunately more companies and governments are taking action but the reality is a solution is a long way off and once a solution is implemented there are usually other new threats to look to protect.
So, the answer in our view is to ensure you have an offline plan in place, a type of disaster recovery protection if you will. As much as we like to rely on the protection provided by the software manufacturer, we can’t 100% rest our laurels upon it. Fortunately there are many tools that can be easily implemented into your business that will allow us to continue to operate offline if such an event were to occur, and though this in itself may not protect the software, hardware and the data held within it, it still provides access to the all important information, and a means to move our data across to a different provider if so required. From a legal and business stance, customers will at least feel some confidence in you and your business, though certainly not an ideal situation, you are doing all that you can humanly possibly do, one of the biggest reasons why established and not so established businesses fail is due to data breaches, it’s a costly affair and even if it’s not necessarily that businesses fault that a data breach occurred, from a customer’s perspective the onus stops at your door, by adding an additional layer of offline security you can at least prove and provide evidence that no matter what the problem affecting the business is, was not your businesses fault and that their data stored with you at least is safe.
If you don’t have an offline strategy in place and would like to discuss how one could be integrated into your business, then please do not hesitate in contacting us today on: 01737 824 003 or email us support@tlptech.co.uk.
Alternatively if you enjoyed this article and would like to read more content like this then please do take a look through our blog which can be found HERE, or why not take a look through the other services that we have on offer here: