What are Cyber Security Incidents?
Criminals are increasingly aware that in the modern world, theft, damage or disruption of data is among the most lucrative activities they can become involved in. Information can be sold on to other criminals or corporations, held to ransom to extort money, or even used to steal money directly from bank accounts. Most cyber security incidents relate to this in some way. In this article, we look at some of the main types of cyber security incident, how they should be reported when they do occur, and some examples of major events in recent years.
Cyber crime can be incredibly broad in its definition, but it's helpful to break incidents down into categories to understand how they happen, what their impacts will be, and ultimately how they can be prevented. The National Cyber Security Centre, which is a UK government department and branch of GCHQ, has four general definitions for incidents, and they are as follows:
“attempts to gain unauthorised access to a system and/or to data”
This is when criminals look to use the tools at their disposal to try and break their way into computer systems and networks. This can range from employees attempting to figure out passwords for restricted information, to more advanced techniques used by hackers. Note that even attempting to gain unauthorised access is a form of cyber crime - a criminal does not necessarily have to gain access.
“the unauthorised use of systems and/or data”
Following on from the previous incident, a more serious event is when security policies are breached, and systems or information can actually be accessed and used maliciously. This type of incident covers the most serious cyber crime, such as when sensitive data like bank details are stolen from servers. There are many different reasons that a cybercriminal might want to use systems or data, making this a particularly broad category, but data is often sold on or held to ransom.
“modification of a system's firmware, software or hardware without the system-owner's consent”
Many everyday internet users will be familiar with this type of incident. Malware (malicious software), such as viruses, trojans and ransomware, is very common indeed and comes under this type of incident. These pieces of software can make many different changes to hardware or software, ranging from ransomware that restricts computer access unless money is paid, to viruses that delete data.
“malicious disruption and/or denial of service”
Criminals don't necessarily need to gain access to data and systems that they shouldn't in order to have committed a crime or reached their aims. Denial of service attacks are fairly common, and involve flooding servers and systems with requests in order to overload them, so that they cannot work as they should. For instance, a criminal might attempt to completely overload a website's bandwidth, shutting it down and costing money in lost sales. Sometimes this is purely malicious, and at other times it can be part of a ransom demand.
Reporting Cyber Security Incidents
In the UK, there are now thousands of individuals dedicated to dealing with cyber security incidents, as part of the government, civil service and police. As a result, there are now proper channels for both individuals and corporations to go through in order to ensure their issue is recorded and dealt with if necessary.
Action Fraud is the UK’s authority that should be contacted in the event of any kind of cyber crime. You can find out more about how to report incidents here.
High Profile Security Incidents
Even major corporations suffer from cyber security incidents, and when they do, it often makes headline news, as data for many thousands of individuals can become compromised. Some of the most high profile incidents in recent years include the following:
It was revealed in mid-2017 that Equifax, one of the world's largest credit referencing agencies, had suffered a huge breach in which details for almost half of the United States' population were leaked. This included names and addresses, along with social security numbers and more. Several hundred thousand people also had credit card details leaked. In October, it was revealed that thousands of people in the UK were also affected. The incident is ongoing.
In what is likely to be the largest data breach in history, Yahoo revealed in 2016 that upwards of 3 billion of their email accounts had been compromised to some degree. The company responded with mandatory password changes and changes to their security question system, though the full impact of the breach is not yet known.
In 2011, hackers managed to breach Sony’s PlayStation Network and steal information pertaining to more than 70 million accounts, some of which also included credit card information. Until Yahoo’s 2013 breach, it was the largest ever cyber security incident, and Sony were forced to pay significant fines.
Even government departments can suffer from cyber security incidents, and this one was slightly different to the usual malicious attack. In 2007, it was announced that two CDs had been lost, which contained details for millions of child benefits claimants, and indeed all of the children in the UK at the time. Thankfully there is no evidence that this sensitive information was ever recovered with malicious intent. It serves as an example of how cyber security can have physical as well as digital considerations.