Are we there yet?

In an age of increasing numbers of cyber threats businesses and individuals alike need to become more security savvy. But in today’s increasingly complex digital environment can information security really mitigate against larger scale attacks?

Really thought provoking article published by BCS BCS (212 x 239)

Daniel Gifkins, Alban Consultants, investigates and asks: are we there yet?

So ‘cyber’ has come of age. In fact the term has been so overused that most of us either turn off when a headline with the word appears, or tune in for another entertaining story of espionage that could never possibly happen to our company. In recent months the tables have turned with revelations that it is not only criminal gangs and hostile nation states that spy on electronic communications, but our very own government using the US based PRISM programme.

Whilst a subject that needs debating, this detracts dangerously from the real threat to UK business. According to Jonathan Evans (Head of MI5), UK firms are under ‘astonishing’ levels of attack from hostile nation states and criminals. This has not changed just because the terms ‘cyber’ and ‘advanced persistent threat’ have been overused. Complacency now means betting the future of the company on obscurity, which no longer offers the protection it used to.

We have known for over a decade that the internet is not the friendly place it once was; so we use firewalls, virus checkers and don’t reply to emails from ‘Nigerian Princes’ (‘419′ scams). Although individuals are still occasionally caught out, virus infections are not a board level issue. So if information security is no longer a strategic consideration, why are companies increasingly caught out by cyber attacks, losing large amounts of proprietary and personal data and often going out of business soon after?

Some history is important to understand the shift in focus of online attacks, and therefore the evolution of electronic threats to UK businesses. The first phase of malware consisted of simple viruses that were written to show off the capabilities of the author. They were often pranks or technical demonstrations, messing around with graphics or opening the CD drive to annoy the user, rather than commit crime.

These did not affect business as they appeared before computers and the internet were central to operations. The next important phase (still very much present) consists of more damaging malware. Viruses, worms and Trojans install software on computers to redirect users search queries, log key strokes and encrypt data and hold the user to ransom, for example.

The important common factor is that these types of malware (plus 419 style scams) are rarely targeted to a specific person. It is generally these types of electronic attack that UK businesses are geared up to protect against, using the aforementioned technical measures and user training.

Pete Woodward: I firmly believe that we haven’t yet seen what can be achieved by the Advanced Persistent Threat (APT) model operating unnoticed – It is crucial that businesses and home users alike keep themselves educated with the latest threats and act to protect themselves accordingly.

It is too easy to lose interest in the daily reports of ‘Cyber Attacks, or Data breach’ taking place – Keeping your fingers crossed is not a recommended option to stay cyber safe.

Read the full Article here: //www.bcs.org/content/conWebDoc/53629

Chick-fil-A investigates payment card data breach
FCC Plans $10M Fine for Carriers That Breached Consumer Privacy