Jane Gyford, Deputy Chief Constable, Cambridgeshire Constabulary on cyber security in 2022
We asked Jane Gyford, Deputy Chief Constable, Cambridgeshire Constabulary: Cyber security in 2022 – how is the threat evolving? What are the areas at greatest risk? What can we do individually and in organisations?
Social Engineering to manipulate people into carrying out specific actions, or divulging information, that is of use to an attacker is increasing for many individuals within business and personal accounts. In some cases, targeting of people who are in executive positions has been a favoured method and is on the increase. COVID-19 also became a key factor in the rise of cyber crime, which may have created a new norm in virtual criminal approaches being a much-preferred option to more traditional crime-committing tactics.
Prevention & Recovery is evolving as a fundamental component in tackling cyber security threats into the future. It is important that we take basic preventative measures such as making regular backups of important files that are not connected to your computer network and using strong passwords or a password manager.
Ransomware has led to ransoms being demanded, and in some cases paid. This is a tempting solution for large corporates; however, I would advise against it. The material that is being held to ransom may well be released back to you; however, it still remains held by criminals and therefore can be exploited further. It also allows criminals to maintain a pen-picture of those companies that are willing to pay ransoms, and therefore become softer targets in future cyber attacks. There is never any guarantee you will get your data back and your computer system may well still be infected. Two-factor authentication is a solid method in prevention of hackers being able to access accounts, and this can be a deterrent if widely used.
Finally, I would strongly advise that organised table-top events to exercise through cyber attack scenarios are undertaken yearly. This will increase learning, enhance understanding of responsibilities within each department, including individual workforce responsibilities, and most importantly, ensure that business continuity plans are fit for purpose and up to date with the current criminal methods. We are in the Fourth Industrial Revolution where velocity, scope and systems impact and speed of current breakthroughs is unprecedented. Transformation of entire systems, the global impact and keeping up with it in policing and private industry has never been so crucial to fighting crime; remember, cyber is a tool that can assist in committing most crimes.