The recent report by the Organisation for Economic Co-operation and Development (OECD) claimed that the use of cyber weaponry will shortly become ‘ubiquitous' and that politicians can only do so much to protect citizens and the economy from cyber aggression.
With an eye on the impact on businesses in such an instance, Simon Neal, chief operating officer at The Bunker, outlines options on how to stop becoming a weak link in the online security chain.
One of the most alarming developments of recent years is the dual rise of the hacktivist and the online terrorist. Historically, an enemy looking to destabilise the economy would target government, infrastructure and manufacturing sites with bombs.
Now, the enemy might look to create similar chaos and operational paralysis by taking down a vital trading system, compromising personal records or disrupting a high profile organisation as a show of strength. In fact, Gartner predicts that by 2015 at least one G20 nation's critical infrastructure will be disrupted and damaged by online sabotage.
If significant targets such as banks and other financial institutions are attacked or dissuaded from operating within, the impact on the UK will be significant: lost revenue for the banking industry; lost tax income for the government; and lost confidence leading to lower future investment and the resulting impact on jobs and the population's general outlook.
As our reliance on web-based systems increases, so cyber sabotage becomes a more serious threat. Recent examples such as the Stuxnet virus, which targeted the control software of manufacturing equipment, and the distributed denial-of-service attacks on payment sites that did not support WikiLeaks have highlighted how it only requires a little organisation to deliver a credible cyber attack.
With companies increasingly targeted for disruption rather than information theft, business is already on the frontline of today's cyber war. Companies need to change their security culture to deal with this new threat, because it is no longer just about safeguarding their own data assets, it is also about protecting the national and economic interest.
With the stakes raised, companies must address online security in three specific areas: physical, the measures to prevent attackers from accessing the facility where data is stored; digital, the software safeguards in place to protect applications and data; and human, the people with access to the systems and hardware. Only with all three bases covered can a company claim to be truly secure and to be ‘doing its bit' for the cyber war effort.
Of course, most companies cannot be expected to build military-style security defences around their IT systems, which is why Gartner also predicts that, with 2011 set to be the year of the cloud, mass business migration to sophisticated and secure data centres will become inevitable.
Businesses should not have to go it alone in the face of the growing online threat. Third-party providers exist who can deliver the level of protection they need comprehensively and much more cost-effectively.
Technology has revolutionised the UK economy, opening up whole new industries that would not otherwise exist, irrevocably altering existing business processes, and creating a whole new set of security risks. Yet our reliance on round-the-clock access to information makes cyber attacks the perfect weapon for those who wish to do us harm. Companies need to ask themselves: what price peace of mind during wartime?