Share this
by Clare Brown on November 28, 2023
2023 continues to be a busy year for cyber-security professionals. Recent news reports feature high-profile victims of cyber-attacks; from law firms, national libraries, public bodies, and private companies. Despite improvements in attack responses over the past few years, cyber-criminals have refined their methods to maximise financial rewards.
It’s not going to get any easier. The sheer quantity of guidance recently published by various government and crime prevention agencies shows the extent of the challenges everyone is facing. Examples include guidelines on AI security, guidance on migration to post-quantum cryptography (PQC), electoral manipulation, and the cyber-risks related to ongoing geopolitical unrest.
Why we should be worried about ransomware?
As we’ve seen - especially the ongoing fall-out from the ransomware attack on Allen & Overy - these attacks constitute a major threat to business. The costs go beyond the ransom demands, for instance, there is downtime, remediation, and extreme reputational damage, not to mention it being a major invasion of peoples‘ privacy.
What is ransomware?
According to the UK National Cyber Security Centre (NCSC) and the UK Information Commissioners Office (ICO), ransomware is a type of malware that attempts to unlawfully encrypt files on a host computer system.
A ransomware attack occurs when an attacker gains access to an organisation’s computer systems and delivers malicious software into the network. This software, or ‘payload,’ then makes the data unavailable through encryption or deletion. Ransomware is often designed to spread from device to device to maximise the number of files it can encrypt. The ‘ransom’ element comes from the ransom note left by the attacker requesting payment in return for restoring the data. This is usually done by a decryption key that only the attacker can access.
A recent white paper from the NCSC and the UK’s National Crime Agency (NCA) explains exactly what is going on and how we need to respond. They point out that most ransomware incidents are not due to sophisticated attack techniques, but are usually the result of poor cyber hygiene. For example, unpatched devices, poor password protection, or lack of multi-factor authentication (MFA).
Part of the issue is that IT systems are exceptionally complex and implementing effective cyber security measures and controls can be difficult. To assist, the NCSC (and other national cyber-crime prevention bodies) has published comprehensive guidance so that organisations know what to do to protect themselves - and their data.
Can ISO 27001 certification help prevent ransomware attacks?
ISO/IEC 27001 is a globally recognised standard to manage information security, which details requirements for establishing, implementing, maintaining and continually improving information security management systems (ISMS). In order to secure this certification, organisations undergo a comprehensive evaluation and audit of information systems, policies, procedures, and processes.
Having accreditation doesn’t guarantee that there won’t be attacks on your systems. Ultimately, it is your people who are your best line of defence. I feel that the most valuable part of the accreditation process is that it raises cyber-security awareness within the organisation. After all, if we are alert to the dangers, we can be more mindful of the risks. A useful article reminds us,
Individual behavior flaws play a major role in all of these hacks. Attackers take advantage of people’s willingness to trust certain requests and to mindlessly click on links or open virus-laden attachments. The human factor is assumed to be the ultimate attack target in 99% of breaches.
The combination of establishing organisational processes, ensuring ongoing training, and remaining constantly vigilant gives your organisation the security edge.
How can the library and information service help protect organisations from cyber threats?
Library and information professionals can play a significant role in enhancing an organisation's cyber-security. Have you set up a current awareness alert on the latest cyber-security trends and best practices yet? Here are other ways you can contribute:
- Information security training: You can educate people about cyber-security, emphasising the importance of recognising phishing scams, helping them understand the risks of malware, AI, misinformation and deep fakes. Librarians can also promote the importance of strong password policies, regular updates of software, and maintaining digital hygiene within the organisation.
- Develop information policies: You can assist in developing clear information policies that include guidelines on data privacy, proper usage of organisational resources, and best practices for data handling and sharing. You can contribute to strategies for protecting sensitive data, including the implementation of encryption and secure data storage solutions.
- Collaboration with the IT department: You can work closely with the IT department to align library services with overall cybersecurity strategies, ensuring that library systems are secure and that there is a synergy between information services and IT security protocols. You can also check which vendors are ISO-accredited.
- Promoting a culture of security: Are you regularly monitoring your library systems for any unusual activities? If you notice anything strange, you need to report any security incidents promptly to the relevant authorities within the organisation. Integrating cyber-security into your services and interactions with staff, library and information people can help foster a culture of security awareness throughout the organisation.
Library and information professionals bring a unique set of skills in information and resource management, education, and policy development, all of which are valuable in strengthening an organisation's cybersecurity. We encourage you to share your strategies with other information people to maintain information security in this increasingly challenging digital era.
