Latest Posts

Latest Comments


Why ‘Year Zero’ isn’t going anywhere


Posted by |

This month, WikiLeaks published what it says is the first instalment in a series of leaks on the US Central Intelligence Agency (CIA). This release, called ‘Year Zero’, includes over 8,000 documents and files exposing the scope and scale of the CIA’s hacking tools, including malware, viruses and trojans.

The announcement from WikiLeaks raises some key concerns; if the CIA has lost its hacking arsenal, how has it lost it? Who has it lost it to? And, will there be more ‘zero day’ attacks as a consequence?

Although the public files do not include the weapons themselves, it’s truly worrying how this highly sensitive information was able to be compromised in the first place. What would happen if these cyber weapons get into the wrong hands? Cyber security is vital to the relationship between a government and its citizens as it helps build and maintain trust. Simply put, if a government is not able to keep its data safe, it is failing the people of its country.

The news comes in the wake of Chancellor Philip Hammond’s announcement of his strategy to spend £1.9 billion over five years to tackle cyber security. When revealed in last year’s autumn budget, it was welcomed by many. However following these latest developments there must be more transparency on how these funds will be spent. Although certain elements must remain confidential, the government must provide clarity and demonstrate it is acting to protect against any type of similar infringement happening again, while also investing in protecting against attacks.

WikiLeaks has stated it will refrain from making the cyber weapons public and will only share them with tech companies willing to ‘sanitise’ the viruses. However, there will always be a risk of further leaks and until then we must all expect further zero-day attacks in the future. A recent report by the National Crime Agency and National Cyber Security Centre reveals ransomware is already a significant and growing risk to businesses as more devices are targeted by hackers. As virtual currency Bitcoin is at an all-time high compared to last year and will likely continue to grow, this type of attack will become an increasingly attractive proposition for cyber criminals. So, with a predicted 21 billion devices used by business around the world to be connected by 2020, it is more important than ever for companies to prepare themselves for any type of cyber-attack.

The first step for businesses is to ensure they have the basics right in terms of managing infrastructure – make sure you have an accurate asset list, ensure everyone has least privileged access so that any potential ransomware attack can be controlled, and also make sure your security strategy includes patch management. Depending on the size of the business and if you offer remote working, it’s also crucial to consider who has access to sensitive files and what training they’ve had. This could minimise the risk of unintentional cyber threats which could be caused by an employee simply opening an email from an unknown sender. It’s vital to raise awareness internally of what threats look like and the dangers they possess.

The frequency and complexity of cyber-attacks are at an all-time high, and the publication of ‘Year Zero’ by WikiLeaks has been another stark reminder of just how vulnerable IT systems are and the potential damaging consequences. While we await the repercussions of the leak, we all must expect to see attacks in the immediate future and therefore must prepare for them now before it’s too late.



Post a comment

Comment submitted! Comments needs approval before being displayed.