This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Cyber crime and popcorn anyone?

Share this article:
Cyber crime and popcorn anyone?
Cyber crime and popcorn anyone?

You can't watch a Hollywood blockbuster these days without some character, good or villainous, hacking into someone else's network.

It also seems that, most weeks, we read about yet another hacking episode affecting governments, businesses or individuals.
 
The British government recently announced the nation's first cyber crime unit to address a threat it says is becoming “ever more complex”. Up to a third of the British public fell victim to, or were affected by, online crime in 2012. Clearly, cyber crime is no longer the stuff of science fiction.    
 
In fact, cyber crime is becoming big business – and not just in Hollywood. According to Symantec, cyber crime now costs consumers over $100 billion a year, and affects 1.5 million people every day. If cyber crime was a country's GDP, its national economy would rank in the top 60 out of 195 other countries.
 
Yet many of those affected don't report it.  Businesses in particular have been reluctant to do so for fear of publicly exposing their vulnerability.
 
One recent and high-profile exception is Telenor, the Norwegian telco. The company went straight to the police and made a public announcement after it was hit by a cyber attack earlier this year in a scenario not miles apart from M's laptop being hacked in the Bond movie Skyfall.

In an interview with a local newspaper Aftenposten, Telenor's security director said: “It's completely clear that those behind (the attack) were able to download information. There's no doubt we have lost data.” 

Governments across the world have been taking the growing threat of cyber crime more seriously, especially threats against critical national infrastructure such as power, utilities and communications. So too have most UK firms ever since, claims a Ponemon report, 90 per cent of large businesses have fallen victim to a cyber security breach.

So it's no surprise that cyber security training has become one of the fastest growing areas in IT training, with the number of courses booked doubling over the past 12 months.

Keeping quiet about data breaches is no longer an option since many companies are now obligated by law to disclose when it happens. LinkedIn, PayPal and Sony are just some of the large brands that have been attacked in the last year or so and have had to go public.

This list is growing and is costing businesses billions in lost productivity, lost data recovery and lost business – as well as having a detrimental impact on the brand. However, solving the issue isn't as simple as simply investing in the latest anti-hacking technologies.  
 
Despite the billions of pounds spent on the latest security IT, from next-generation firewalls to intrusion detection systems, one of the biggest risks facing businesses comes from businesses' own staff – just like Wayne Knight, the loathsome hacker who stole the DNA secrets of the Jurassic Park project. 

Knight is not alone. A recent YouGov survey found that five per cent of staff confess to taking company data with them when they move to a new job (how many more don't admit it?). Meanwhile, around a fifth (23 per cent) admit to writing their passwords down or sharing them with colleagues.

It's this kind of behaviour that causes data leakage or, inadvertently, helps the bad guys get inside. As Telenor found, once they're in they can wreak havoc often before anyone even notices.

The stakes are high. Theft of high-value intellectual property, perhaps a patented formula or other innovation, could lead to a company losing its competitive advantage and, ultimately, result in commercial failure. 
 
To help protect against this, every member of staff must learn to take all aspects of security seriously, particularly when it comes to password confidentiality.
 
This is an issue we wouldn't have had to deal with 20 years ago, because we didn't have so many passwords – at home and at work – to remember. Although password overload is a very real issue for everyone, if they're not careful individuals risk leaving the proverbial back door to the business open, and potential access to the company crown jewels.
 
UK businesses need to adopt a holistic approach to security that merges technology with a security-aware workforce. Once everyone understands the role they can play within the bigger picture of keeping a business secure, the risks can be minimised and the bad guys can be kept firmly out.

During the summer of 2012, in a single attack, a group targeted more than 200 email accounts across 30 government departments. The Foreign Office said that without security in place, the hackers could have "gained unfettered access to sensitive government information".

This was not a one-off incident, according to Iain Lobban, director of GCHQ, as there are over 20,000 malicious emails on government networks each month. Hollywood could not have made this up. Popcorn anyone?

Bill Walker is a security analyst at QA

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in Opinion

Throwaway tablets threaten our children

Throwaway tablets threaten our children

Used and broken Android tablets often retain access to passwords even when wiped - so be careful how you dispose of them says Ken Munro.

Wearable technology: A secure approach to business

Wearable technology: A secure approach to business

Wearable technology raises many of the same concerns as smart phones and USBs - recording, storing and transmission of data by individuals - and your security policies should include that ...

How choosing your own device (CYOD) can help empower your workforce

How choosing your own device (CYOD) can help ...

If implemented well, choosing your own device (CYOD) brings benefits beyond BOYD or company-imposed mobile devices says David Brady.