Kenny MacAskill: WannaCry attack must be a wake-up call or next time tears will be the least of it

Thankfully, lives in this incident have been spared and payments avoided. However, such good fortune may not apply in future. The threat level is such that action has been taken at the highest level and will continue. The Scottish Justice Secretary participated in a Cobra meeting chaired by the Home Secretary. Cobra an acronym for the Cabinet Office Briefing Room “A” which is underwhelming when spelt out, but highly significant in its calling and participants. Not just Police and Government but Security Services and no doubt the Military would have been present.

It’s now viewed as the number one threat by both governments and organisations and with good reason. In 2007, the Baltic State of Estonia came under cyber-attack. It’s Parliament, Banks, Ministries and broadcasters came under cyber-attack that caused a significant threat to the nation. Russia was suspected of being responsible though no specific evidence could be found.

However, as a consequence, the following year Nato established a centre for dealing with cyber warfare and based it in Tallinn, the Estonian capital. Doubtless, triggering a message to their Russian neighbours. The days of tanks trundling across borders whether Hungary in 1956 or Czechoslovakia in 1968 are gone, but there are other ways countries can invade. Likewise, the threat of terrorism is not simply to aviation or on the streets of our towns and cities but through our IT systems.

Business likewise has had to change and adapt. I recall a reception for the International Security Management Association who were holding their conference in Edinburgh. Their website describes themselves as the worldwide organisation for Chief Security Officers. They claim that half the Fortune 500 rely on them on a daily basis. It was fascinating to meet them. I assumed that they’d mostly be former Police Officers. In fact, most were former security services staff whether CIA, FBI or MI5. However, that switch in recruitment showed the change in who and what the threats were. Robbery and fraud supplanted by terrorism and cyber-crime.

It isn’t new. Computer and internet crime has been around for quite a while. However, the extent of it and its potential risks are increasing incrementally. That’s partly due to the growth in IT, as well as our increasing dependence on it and partly by the growing sophistication of those involved in perpetrating it. IBM estimate that ransomware attacks increased by 6,000 per cent in 2016. That may very well be the tip of the iceberg. They come in a variety of forms, not just the massive cyber-attack of WannaCry.

As the Scottish Health Secretary detailed in her statement to Parliament, the NHS has been experiencing these attacks on almost a daily basis for many years. Banks are likewise, though tend to be more secretive about what has happened to them. Scams, especially those targeting the vulnerable, have been ongoing for years. They have varied from the spam email requesting funds to more complicated frauds that delude the unsuspecting and especially those seeking a fast buck. As the Law Society and other organisations will tell their members and others – if it’s too good to be true, it’s too good to be true. It’ll be a fraud. Still the desperate are duped.

Sophisticated frauds are also perpetrated as have been exposed recently with accounts hacked and even fictitious mail and bank details sent. By the time the truth is realised the money is long gone through numerous servers and doubtless countries. Tracking it well-nigh impossible and recovering it even less so.

As governments and security services have shifted their focus so have the police. Not just officers are dedicated to it but IT experts recruited to assist. Europol has a Cyber Centre and Police Scotland are represented. Gartcosh Crime Campus has our own officers and the National Crime Agency present.

But, still it comes in both serious and less severe attacks and from major incidents to minor frauds. Recorded crime has reduced significantly in Scotland over many years. Great progress has been made in many areas whether homicide or serious violence. However, it’s also equally clear that crime has changed and much cybercrime may be unreported. Bank robberies and wage heists have lessened to be replaced by more sophisticated IT crimes. The perpetrators are serious and organised crime gangs. However, the internet and globalisation has allowed some of their scams to be conducted from the Ukraine, Nigeria or the Philippines. Though some will also be our own ne’er do wells.

The police and prosecutors, as with government and security, will seek to protect, pursue and prosecute. However, with other pressures never mind limited resources there’s a limit to what they can do. Moreover, once some of these frauds are carried out there’s sometimes little that can be done but sympathise and learn. Priority will go into infrastructure and protecting the vulnerable. Beyond that it’s up to all of us with a computer or IT system to help ourselves. Malware and anti-virus software aren’t a luxury but a necessity. In more complicated business systems, so is specialist advice. Organisations like Scottish Business Resilience Centre can advise and experts abound.

We survived WannaCry but may still shed tears unless we do what’s required in business or home. So, I’ll finish now and back up my system.