One Thursday in early December 2018, some 32 million mobile users in the United Kingdom were faced with a 21st century existential nightmare: for hours they were unable to make calls, send texts or use the 4G network.
The outage affected people signed up to O2, Giffgaff and other operators using the Telefonica network. The effects were so widespread that, as far afield as Japan, mobile users lost smartphone coverage for a full five hours.
The culprit was not some sophisticated cyber ware or malicious hack, however. As the day unfolded, the issue turned out to have been perhaps the most obvious plot-twist to the story: human oversight. The root of the mega-outage was an expired digital certificate in a management software by Ericsson, the Swedish telecommunications firm. This was not the first time the company was blamed for a smartphone blackout. In 2012, O2 said an outage that also affected millions of customers was down to a fault in central user database provided by Ericsson.
Not only do such incidents cause a major headache for mobile users, but a mistake like letting a certificate expire can leave firms vulnerable to hackers, cyberattacks and further breaches. No organisation operating today can afford to be complacent about cyber security. According to the Cyber Security Breaches Survey 2019, released in April, some 27 per cent of UK business and charities had experienced a cyberattack in the past 12 months, down from 43 per cent the previous year.
Human fallibility is at the heart of many such incidents, with hackers exploiting over-worked employees on the receiving end of a daily barrage of emails. That same poll found that of UK cyberattacks, 80 per cent were phishing-related, and almost a third involved hackers impersonating senior management via email. Research by Kroll, a risk solutions provider, found that 88 per cent of UK data breaches last year were the result of human error. Meanwhile, a poll by US software company Centrify found that 77 per cent of UK workers have no basic training in cyber security.
But, as the 2018 outage shows, the most sophisticated technology is vulnerable to the shortcomings of those who use it. Tech can’t innovate human error out of existence. Alongside technological security solutions, employers need to support staff in recognising when they might be vulnerable to malicious intent. And to make sure they renew that digital certificate.
To access the full Spotlight supplement, click here.