Just how serious is the threat of cyber-attack to the UK? Are our government and industrial secrets being targeted globally by cyber criminals? Most people have been lulled into something of a false sense of security. They are aware of the fact that governments and businesses take great care to protect their valuable assets and information, using intrusion protection and advanced penetration testing to filter out the threats, and that by and large such practices have managed to keep a lid on the problem.
Unfortunately the threats are becoming ever-more sophisticated and ever-more concentrated. The UK infrastructure is being now being attacked on a regular basis by cyber-criminals. How regularly you may wonder? Well, MI5 and the Government Communications Headquarters, GCHQ, have revealed that according to their information-gathering activities Britain faces around 70 sophisticated cyber-espionage operations per month against its government and industry networks.
According to the director of GCHQ, Sir Iain Lobban, our secrets are being stolen on an “industrial scale” in order to steal intellectual property for national gain. That, he believes, clearly points to the fact that foreign governments are the major threat, rather than individual hackers. He told the BBC that’s it’s not just governments and military secrets that are targeted either:
“We started a couple of years ago thinking this was going to be very much about the defence sector but really it’s any intellectual property that can be harvested.”
The BBC also spoke to Jarno Limnéll, a doctor in military science and director of cyber-security for Stonesoft. He told the corporation that al enterprise is potentially at risk, and that, in his opinion, GCHQ is seriously underestimating the scale of the threat involved:
Everyone is equally a target, and governments, NGOs and commercial organizations need to recognize that this trend is rapidly becoming the new norm.” Worryingly, however, this path will only lead to a lose-lose scenario. Nations need to pull together to pursue international norms and laws regulating the cyber security domain. In the near future, some Western country is likely to face a catastrophic and deliberate cyber-attack mounted against its critical infrastructure and this will result in include human casualties.”
Today’s revelation from MI5 and GCHQ strikes me as an extremely conservative figure,” Limnéll said. “With the cyber battlefield increasingly being established as the new norm, nation-states worldwide are pouring resources into developing a range of defensive, offense and intelligence capabilities.”
Ross Brewer, vice president and managing director for international markets at LogRhythm, told Infosecurity, the online magazine dedicated to information security strategy and techniques, that the onus is now on enterprise to be pro-active and to tackle any potential network vulnerabilities before any damage or loss can be caused:
The ferocious, persistent and relentless determination of hackers today has created a need for organizations to deploy robust, real time defences on their network, so that they can spot and combat threats as soon as they occur – rather than letting cyber-crime run rife on our networks unnoticed. This requires a level of visibility and protective monitoring that is simply not adopted widely enough yet.”
“With such controversy around cyber espionage as a national security issue, there must also be great efforts to ensure that governments in particular strike a suitable balance between offensive and defensive policies.”
If your company would like help with security reviews, penetration testing or web security solutions, please contact Krypsys on 01273 044072 or [email protected].