The ever increasing cyber security challenge
One of the greatest changes in the last 10 years is that as a society we have become very reliant on being connected. This offers many benefits but also leads to a major security threat. A recent IDC survey of over 1,300 businesses found that IT security has become their top priority for the year.
Ten years ago a cyber attack would have most likely been an annoyance. A computer worm would infect our PCs, and perhaps delete a few files. Nobody made much money out of that, with the exception being the security vendors who sold anti-virus
Today, targeted attacks are initiated and conducted by malicious insiders, professional criminals and even foreign government agencies. They have a very direct and real impact on a business's bottom line, and on businesses' brands.
Targeted attacks can also cause real disruption to a country's infrastructure and utilities.
Furthermore, the borderless nature of the internet makes it very difficult for law enforcement to pursue and charge cyber criminals, and our reliance on being connected is only going to increase, raising the security risk.
Governments and businesses must have several key elements in place to defend against targeted attacks. Firstly, they need a robust data classification process that shows the importance of different elements of data and how they must be protected. Then they need the data protection itself, applied at each classification level.
Identity and access management is also crucial in making sure only the right people have access to the right data at the right time. Transparency is equally vital, including active participation in bodies that encourage greater information sharing on cyber threats.
and inside threats
The main threats most businesses face in today's connected economy are targeted attacks. These are deliberate attacks conducted by professional cyber criminals, aimed either at making money from the attack or at retaliating against businesses' recent activities. Today's cyber criminals have the means to engage in protracted campaigns against a single or
Cyber criminals also have a vast array of reconnaissance tools at their disposal to prepare for an attack, and among the primary tools are social media sites such as Facebook and LinkedIn. Information gained from these sites, such as which employees work at a particular business, their job titles, and even when they are on holiday, can all be used as a platform to launch an attack.
Another facet of a targeted attack can stem from a legitimate business employee: the malicious insider. It can be argued that the malicious insider is perhaps more dangerous than a cyber criminal, because a business's employee already has access to the infrastructure and data. Should that employee choose to become malicious, it would be very easy to steal and expose or sell data. Former US National Security Agency contractor Edward Snowden's famous revelation, that the agency was harvesting citizen phone call data and snooping on foreign leaders, is a prime example of how much damage one person can do to an organisation.
A country's national infrastructure and utilities face threats similar to those facing businesses.
In addition to the cyber criminal and the potential of a malicious insider, targeted attacks on national infrastructure and utilities can also originate from government agencies seeking to disrupt a foreign nation they view as hostile.
An example of this type of attack is the Stuxnet virus, allegedly created by US and Israeli agencies to attack Iran's nuclear facilities.
Given a country's economic reliance on being connected, particularly with regard to developed nations, cyberwar is a very real threat.
In the future, cyber attacks will be used as a fourth method of attack, the others being air, land and sea. A very recent example of this came during the Crimea tension: at its most heightened period, there was a significant increase in the number and severity of cyber attacks between Russia and Ukraine.
As the global environment changes, the defence against national cyber attacks, criminal attacks and insider threats will be key to security. Organisations recognise the threat, but must undertake very extensive work if they are to meet the challenge.