Father Christmas vs. the cybercriminals

You can bring logic into every situation. How does Father Christmas manage to deliver presents to every child in the world over one night? Tom Chivers is a man with too much time on his hands, and calculated that if we assume that Santa has to travel 342,510,000 km on Christmas Eve, and that he has 32 hours to do it (the rotation of the earth plays in his favour), then Santa will be travelling at 10,703,437 kph, or about 1,800 miles per second, all night. This assumes that he never stops and that a sleigh-mounted present-launcher shoots gifts down chimneys while moving; Clement Moore got it completely wrong in The Night Before Christmas.


If these numbers feel incredible, they are as nothing set in the context of some real world numbers which move at even faster speeds. The scale of cyber attacks is simply phenomenal. One estimate is that cyber attacks cost UK businesses £34billion each year; another of data breaches estimates that in 2015 there were 480 million ‘leaked’ records. The ONS estimated that in 2015, 2.11 million people in the U.K. were victims of cybercrime with 2.46 million cyber incidents. The scale of cyber attacks across the world’s networks is remarkable; this map, tracking live attacks, gives an incredible insight.

The very technology which allows us to be more connected than ever before, to order groceries and goods whenever we want, to talk to our families and friends around the globe, to work with students and other universities on important collaborations, also makes it possible for those who want to attack us. I wrote this blog on an early morning train and emailed it through to the University – it was easy and convenient, but it was over a public network from the train; while I was writing it, the BBC website reported that 26,500 National Lottery accounts had been hacked.

Cybercrime is already a massive threat to the reputation and financial security of organisations across the world – and that threat is growing in terms of aggression and sophistication. Furthermore, the increasing technical competence of criminals and fast-developing technological advancements mean cyber attack is now considered one of the biggest challenges to national security.

The University – a large, globally-networked organisation – is far from being immune to these attacks, and our Digital Technology Services teams have been putting huge – and mostly unseen – efforts into strengthening our defences. The problem is often compounded by a reluctance to admit to, or report, the scale of the problem: no-one likes to admit to having been caught out. Almost half of all attacks on organisations result in interruption of business operations but many prefer to keep quiet rather than reveal their vulnerabilities to prospective customers or hackers. In practice, it’s more important to report suspected incidents as they are almost always part of a pattern, and one which needs to be understood.

The University has been reviewing and reinforcing its protection – though, for obvious reasons we won’t spell out how. But there will still be successful incursions, and there are individual responsibilities both to protect ourselves online and to report things which look suspicious. Some attempts are easy to spot. Emails with misspellings, bad grammar or odd questions are tell-tale signs. The old adage that if something is too-good-to-be-true, then it is not true holds good: discovered inheritances, hugely discounted desirable goods, commission for banking money for a deposed foreign dignitary and requests to transfer money are reasonably obvious, although can be cloaked with a veneer of just-about-believability.

Attacks are becoming more professional. There has, for instance, been a dramatic rise in what are called ‘whaling attacks’ where an employee is tricked into making a payment via an email or phone call purporting to be from a senior manager. Advances in technology and a digitally-networked community mean it is relatively easy for hackers to harvest people’s contacts. Email addresses closely resembling those of the individual being impersonated are simple to set up and company identities can be mimicked convincingly. We must all be on our guard; if in any doubt at all about the provenance of an email or request, check it out directly with the sender, and then report it. The government-backed Stay Safe Online website offers some useful advice about cyber security.

You can help protect yourself – and the University – by being alert to the dangers and thinking carefully before you respond to anything if you’re not absolutely sure of the provenance. Hallam’s IT help pages offer advice dealing with suspicious emails and our IT security blog will post regular updates about the various approaches criminals might use to trick you or people you know into parting with confidential information, sensitive data or money. Students can be simultaneously extremely sophisticated ‘digital natives’ and yet naïve about the scale of the dangers; if you need to advise students about staying safe online, you can point them to the information on shuspace or tell them to check out the government-backed Get Safe Online website.

The digital world has opened up great opportunities, alongside challenging dangers. It’s critical that, as an organisation, we stay educated about online safety as cyber crime continues to develop apace. December, when online retail activity peaks, is a particularly rewarding time of year for cyber criminals: back to my opening line – which of us would really leave out mince pies and sherry for an all-too-plausible intruder?

Leave a Reply

Your email address will not be published. Required fields are marked *