Recent news has revealed that Russian hackers are targeting millions of devices for a potentially devastating cyber attack, and both the UK and US urging businesses and individuals to take precautions

Russian hackers are allegedly targeting millions of devices for personal information to build a network of information for future cyber-attacks, according to UK and US intelligence agencies.

Charles Arthur, former Technology Editor at the Guardian, says, “It’s not surprising that Russian state hackers – and probably other countries – would target routers. As I wrote in Cyber Wars, amateur hackers were able to hijack tens of thousands of domestic routers to create a huge botnet running the Mirai malware. The routers targeted here are more sophisticated but their role as intermediaries in internet traffic make them an obvious target - and no software like that is bug-free.

It’s a concern that we trust so much to systems which are repeatedly shown to be insecure. It’s why encryption and the https (secure web) standards are so important.”

To help combat vulnerabilities, the US and UK advise businesses to set up basic security measures. But who is responsible for cyber security in an organistion? 

According to a study by Centrify commissioned through Dow Jones Customer Intelligence, around one fifth (18%) of senior executives in the UK and US believe the risk of compromised user credentials (mainly stolen or misused passwords) – is an HR training problem. Meaning the issue is relegated to HR depending on the serverity of the breach. 

Worryingly, the study revealed that many do not see compromised credentials as a significant risk, with 43% perceiving default, stolen or weak passwords only as a minor threat or not a threat at all to an organisation’s success. Nearly half (45%) say that a major breach due to compromised credentials would be needed for senior management to change its view on the subject. This is despite Verizon’s 2017 Data Breach Investigation Report indicating that 81% of breaches now involve weak, default or stolen passwords.

Barry Scott, CTO EMEA, Centrify, comments on ways businesses can combat this: “As we become increasingly mobile, and systems and applications more cloud-based, we must rethink outdated traditional ‘castle and moat’ security models and adopt a Zero Trust Security approach. First, we must verify the user is who they say they are, then validate their device, and give them access only to what they need in order to do their job. Finally, we must learn and adapt to what’s ‘normal’ for the user, and ask for additional authentication (or block access) when risky or abnormal behaviour is detected.”

“This is not just an HR problem, nor indeed an IT problem; it’s a company-wide issue that needs to be supported from the top down. It’s only when senior management start to address cybersecurity as a priority, that it will become integral to the business and to the workforce as a whole.”