After a wave of cyber attacks that struck the world this week, Oxford experts have called on governments and computer users to take cybersecurity seriously.
The attack, which started on Friday and affected businesses and public bodies across the globe, including NHS hospitals and GP surgeries in Oxfordshire, has left victims and experts wondering who was responsible for the failure to stop the breach.
Responding to the cyber threats, Peter Knight, chief information and digital officer at the Oxford University Hospitals NHS Foundation Trust, said that security measures were in place to protect systems: “Our strong security measures are holding solid.
“We continue to closely monitor the situation and have asked staff to be vigilant. Protecting patient information is our top priority. “We understand that NHS Digital has set up a dedicated incident line, and suppliers are working to find solutions to this ransomware outbreak,” he said.
Dr Ravishankar Borgaonkar, Research Fellow at the Department of Computer Science, told Cherwell: “The whole incident shed light on the speed with which we are making our society digital and spending less on making them secure”, blaming the attacks on the “poor management of networks”.
Andrew Martin, Professor of Systems Security at Kellogg College urged onlookers not to “blame the people who click”, arguing that rather than blaming the unscrupulous individual who clicks on a malicious email attachment, society should respond to such attacks by improving its security programming.
As well as this, he discussed how modern systems must not be vulnerable to attacks that exploit one individual’s momentary inattention.
Speaking to Cherwell this week, Professor Martin said: “Security experts have been anticipating things like this for years”. He called on the rest of society finally to take expert warnings seriously.
However, striking a tone of mutual responsibility, Professor Martin also conceded that it was up to experts like him to “redouble their efforts”. He argued that the excessive expectations of many experts had contributed to warnings being ignored.
Professor Martin warned of increasingly dire consequences, if the issues continue to be neglected. Appliances from ovens to medical equipment are increasingly being connected to the internet, forming what is known as ‘the internet of things’.
This trend means that cyberattacks will increasingly be able to cause damage that is physical rather than just informational, Professor Martin warned.
“Internet of things devices are potentially dangerous in a way that our old-fashioned information systems and file servers are not. What if all the dashboards on the M25 suddenly demanded a $300 payment?”
Not only are such devices capable of more harm if hacked, they are also more vulnerable to attack than conventional devices: “We’re rapidly deploying millions of new devices whose typical security characteristics are rather worse than those of a PC 15 years ago.”
No breaches of the Oxford University network have been reported.
Professor Martin praised the cybersecurity of the University, listing up-to-date systems and an enviable number of excellent staff among the system’s strengths: “Many organisations would be jealous of our numbers”.
The professor of Systems Security went on to counsel against complacency, however, and recommended that students should not be afraid to ask difficult questions about how their data is handled.
Colleges have reminded students to remain vigilant and to make sure that their devices are equipped with the latest anti-virus software and that their operating systems are also kept up to date with the latest protection software.
The weekend’s attack on the NHS was not exclusive to the UK. FedEx were also targeted, as were Deutsche Bahn, Germany’s rail network.
Security software manufacturers Avast say they have seen 57,000 infections in 99 countries.
