Cyber crime and popcorn anyone?

Opinion by Bill Walker

You can't watch a Hollywood blockbuster these days without some character, good or villainous, hacking into someone else's network.

It also seems that, most weeks, we read about yet another hacking episode affecting governments, businesses or individuals.
The British government recently announced the nation's first cyber crime unit to address a threat it says is becoming “ever more complex”. Up to a third of the British public fell victim to, or were affected by, online crime in 2012. Clearly, cyber crime is no longer the stuff of science fiction.    
In fact, cyber crime is becoming big business – and not just in Hollywood. According to Symantec, cyber crime now costs consumers over $100 billion a year, and affects 1.5 million people every day. If cyber crime were a country's GDP, its national economy would rank in the top 60 out of 195 other countries.
Yet many of those affected don't report it.  Businesses in particular have been reluctant to do so for fear of publicly exposing their vulnerability.
One recent and high-profile exception is Telenor, the Norwegian telco. The company went straight to the police and made a public announcement after it was hit by a cyber attack earlier this year in a scenario not miles apart from M's laptop being hacked in the Bond movie Skyfall.

In an interview with a local newspaper Aftenposten, Telenor's security director said: “It's completely clear that those behind (the attack) were able to download information. There's no doubt we have lost data.” 

Governments across the world have been taking the growing threat of cyber crime more seriously, especially threats against critical national infrastructure such as power, utilities and communications. So too have most UK firms since, according to a Ponemon report, 90 per cent of large businesses have fallen victim to a cyber security breach.

So it's no surprise that cyber security training has become one of the fastest growing areas in IT training, with the number of courses booked doubling over the past 12 months.

Keeping quiet about data breaches is no longer an option since many companies are now obligated by law to disclose them when they happen. LinkedIn, PayPal and Sony are just some of the large brands that have been attacked in the last year or so and have had to go public.

This list is growing and is costing businesses billions in lost productivity, lost data recovery and lost business – as well as having a detrimental impact on the brand. However, solving the issue isn't as simple as investing in the latest anti-hacking technologies.
Despite the billions of pounds spent on the latest security IT, from next-generation firewalls to intrusion detection systems, one of the biggest risks facing businesses comes from their own staff – just like Wayne Knight, the loathsome hacker who stole the DNA secrets of the Jurassic Park project.

Knight is not alone. A recent YouGov survey found that five per cent of staff confess to taking company data with them when they move to a new job (how many more don't admit it?). Meanwhile, around a fifth (23 per cent) admit to writing their passwords down or sharing them with colleagues.

It's this kind of behaviour that causes data leakage or, inadvertently, helps the bad guys get inside. As Telenor found, once they're in, they can wreak havoc, often before anyone even notices.

The stakes are high. Theft of high-value intellectual property, perhaps a patented formula or other innovation, could lead to a company losing its competitive advantage and, ultimately, result in commercial failure. 
To help protect against this, every member of staff must learn to take all aspects of security seriously, particularly when it comes to password confidentiality.
This is an issue we wouldn't have had to deal with 20 years ago, because we didn't have so many passwords – at home and at work – to remember. Although password overload is a very real issue for everyone, if they're not careful, individuals risk leaving the proverbial back door to the business open, giving potential access to the company crown jewels.
UK businesses need to adopt a holistic approach to security that merges technology with a security-aware workforce. Once everyone understands the role they can play within the bigger picture of keeping a business secure, the risks can be minimised and the bad guys can be kept firmly out.

During the summer of 2012, in a single attack, a group targeted more than 200 email accounts across 30 government departments. The Foreign Office said that without security in place, the hackers could have "gained unfettered access to sensitive government information".

This was not a one-off incident, according to Iain Lobban, director of GCHQ, as there are over 20,000 malicious emails on government networks each month. Hollywood could not have made this up. Popcorn anyone?

Bill Walker is a security analyst at QA

