From a cybersecurity expert: how to protect yourself from attacks
The recent ransomware attack against the Finnish IT provider Tietoevry shows how vulnerable and dependent society is on well-functioning IT systems. MDU and a large number of government authorities and companies have been affected. Hans Hansson, Professor of Real-Time Systems at MDU, answers questions about the attack and how private individuals and authorities can protect themselves against these types of cyber attacks.
What is a ransomware attack?
“Using a ransomware attack, hackers encrypt data during a breach and then try to force the affected individual or organisation to pay a ransom to get the key required to decrypt the data so that it can be used again. Given the costs and inconvenience caused, there are many indications that the affected individual/organisation pays the ransom, although there are no reliable figures on this."
Why do hackers conduct these types of attacks?
” The rationale behind ransomware attacks can vary. The obvious motive is for the criminals to extort money from the victim. But there may also be deeper motives such as gaining access to sensitive information that can be exploited in various ways, for criminal and espionage-related purposes. Ransomware attacks can also be part of hybrid warfare, as they disrupt basic societal functions."
How can hackers succeed with these types of attacks?
Hans Hansson points to several obstacles that hackers need to overcome to succeed in a cyber attack.
- Those carrying out the attacks need knowledge about the system they are attacking.
- The hackers also require knowledge about the deficiencies and vulnerabilities in the software to bypass the protective mechanisms. Unfortunately, modern software is often so complex that it is almost impossible to eliminate all the deficiencies, but as soon as a flaw becomes known, it is plugged. Then the hackers cannot use this flaw to access the system.
- Another challenge for the hacker is to get the computer to run the program that will cause the damage. In ransomware attacks, the most important thing is to encrypt data. To run a program on a computer the hacker needs to get access to the rights by deceiving the user. This allows the hacker to then run a program to encrypt data for instance.
How can a private individual protect themself?
- Make sure you update the software on your computer (mobile, iPad and equivalent) as soon as you are requested to do so (through dependable channels). By doing this you can reduce the number of vulnerabilities that hackers can gain advantage of.
- Try to avoid clicking on links or opening attachments that you are not sure of/are suspicious of. Thereby you will prevent the hacker from accessing your rights to run a program on your computer.
How can organisations and companies protect themselves?
Hans Hansson highlights three things that are essential in this regard:
- Ensure that employees understand the risks and what one can do to minimise the risks of a data breach.
- Ensure that systems are kept updated and that mechanisms that reinforce cybersecurity are installed.
- Ensure that preparations are in place to deal with data breaches when they do occur. The incident response plan should also include an analysis of how the organisation can continue even if one of the systems that is critical to the organisation does not work.
"Unfortunately, it is not possible to completely eliminate the risk of a breach, but it is possible to reduce the damage by, for example, quickly implementing countermeasures and having backups that allow the systems to quickly be restarted," says Hans Hansson.
What type of cybersecurity research is conducted at MDU?
“A large part of the research focuses on security in industrial systems and products. Some examples are security in communications networks and methods to ensure security in industrial systems. We conduct research on mechanisms to increase security, partly on methods for detecting attacks and activating countermeasures. For example, we can use AI to discover deviations from the norm that can point to an ongoing attack. In our research, we cooperate at national and European level with other universities and companies," says Hans Hanson and continues:
”Cybersecurity is a prioritised area at MDU. We have around 30 researchers and doctoral students who are researching various aspects of cybersecurity. The research area is growing and within the next year, we will have additional recruitments to further reinforce the area. In addition to research, we also provide courses and programmes in cybersecurity, at Bachelor’s level and through courses for practitioners. Our major initiative at the moment is a new Master’s programme in cybersecurity that will start in the autumn of 2024,” says Hans Hansson.