What can CIOs learn from Channel 4 drama, The Undeclared War? asks Ian Wood, Senior Director and Head of Technology, UK and Ireland at Veritas Technologies.
Channel 4’s popular drama, The Undeclared War, has brought the issue of cyber security to the forefront of the nation’s consciousness. But how realistic is the portrayal of a malware attack and what lessons can businesses learn from the show? There are four areas where the show really helps to expose the risks of ransomware that CIOs might benefit from taking notice of:
1. The biggest impact of ransomware might not come right away
In the show, GCHQ believes that it’s dealt with the risks that came from the malware that attacked its systems and moves on, only for more, and bigger, attacks to follow. This is absolutely the model that hackers try to follow. Once ransomware has breached a company, it will move laterally through the IT network as the hackers look for valuable assets to attack. Often it will lie dormant in previously unexploited parts of the network while the hackers wait for the optimum time for a second or third hit. An early ransom payment will often earn a company the reputation of being a good ‘mark’ for future payments.
2. People are the biggest risk for introducing malware
In early episodes of the show, we’re introduced to disaffected members of the GCHQ team who are shadowed as potential weak links to be compromised by the hackers. We also meet Vadim Trusov, a Russian citizen and unwilling member of the FSB team who offers counter-intelligence to the British. It’s nearly always easier to use social engineering tricks – or plain old bribery – to get malware into an organisation than to try to penetrate the network by force. It’s also a reminder that even the most educated people can sometimes fall down on security best practice, as characters upload data to high-security devices from USB drives and click unverified shortlinks.
3. Hackers can have serious impact even when attacking peripheral platforms
When the hackers in the show want to cause issues with the election, they don’t go straight for the vote-recording systems themselves. Knowing that these will have the highest levels of security, they focus instead on the less-well protected environments that can often have just as big an impact. In the plot, the hackers target the exit polls, creating the impression that the election has been stolen. However, they could have just as easily targeted party-supporter databases or tactical-voting websites to sow discord. Businesses too should be thinking about where the weak links are in their networks and supply chains – whether that’s the apocryphal network-connected air conditioning system or a vulnerable API.
4. The main reason for a ransomware attack is to earn money
It’s really easy to think of hackers like pickpockets: criminals who simply want to make some easy money through nefarious means. However, not all ransomware attacks are about money at all. In The Undeclared War, of course, the motives are clearly political. In fact, they mainly use the term ‘malware’ instead of ‘ransomware’ though it’s clear that they are first the subject of an encryption, then an exfiltration attack. Understanding that there can be more to these attacks than money is an important lesson to learn for all businesses if they want to keep themselves protected. Hackers may be in it for the glory if they take down a big security company, for revenge on an entertainment company for cancelling something they love, or simply out of spite for a disgruntled employee. If you’re only protecting against one kind of attacker, then your data is at risk.
Of course, there are themes in the show that we should all take with a pinch of salt too.
1. An organisation like GCHQ would have significant backup plans
The team on the show seem to go all out to decrypt the data that gets attacked in the first incident to hit them. A more likely approach would be for the GCHQ team to go to an immutable copy of their data that they could restore, rather than trying to decrypt the information. For most businesses in the real world, decryption can only follow the payment of the ransom and, in most cases, will take a very long time to recover only part of the missing data.
2. There’s far too much reliance on individuals
Of course, in a crisis situation like the one depicted on the show, there would be a response team working on the issue. However, there’s also a significant role played today by Artificial Intelligence and Machine Learning to identify and rectify issues through Autonomous Data Management. There was little or no mention of this in the show, perhaps since it’s not the most visually engaging activity to show on screen – and since it doesn’t fit the narrative of the plucky individual out to save the day.
The Undeclared War should be applauded for raising serious cyber security issues in front of a nation of viewers. And, there are certainly some important lessons to be learnt. But, as ever, don’t believe everything that you see on TV!