Cyber crime is a major danger to national and international security (the government has ranked it one of the four top risks to national security), yet there is growing confusion and lack of understanding about how industry can protect themselves, their business and their employees in this highly dangerous and invisible warfare.
A third of the world’s population now uses the internet and it is key to global commerce, communications and entertainment. But as the world’s dependence on cyber space increases, so have the opportunities for criminals to take advantage of lapses in cyber security.
Although the exact financial cost of cyber crime is difficult to estimate, what is known is that the problem is getting progressively worse:
• Criminal groups have already registered over 9,500 Olympic Games-related web addresses
• There was a 14 per cent increase in online banking losses between 2008 and 2009
• 51 per cent of malicious software threats that have ever been identified were so in 2009
• Evidence suggests that hundreds of malicious e-mails are being aimed at government computer networks each month and there are concerns that terrorist groups can now hack into critical infrastructure such as air traffic control networks.
National Security programme
Attacks on computer networks are among the biggest emerging threats to UK safety and economic prosperity, causing the government to invest an extra £500m to bolster cyber security through its National Cyber Security programme. The aim of the four-year programme is to close the gap between the needs of a modern digital age and the rapidly growing risks associated with cyber space, including the internet, wider telecommunications networks and computer systems.
The National Cyber Security Programme will work to one national programme of activity, with supporting strategies in other government departments. Through the programme, the government plans to:
• Overhaul the UK’s approach to tackling cyber crime. This will include the creation of a single point of contact that will enable the public and businesses to report cyber crime, as well as a new programme of skill development to increase knowledge and understanding.
• Address deficiencies in the UK’s ability to detect and defend itself against cyber attacks – whether from terrorists, states or other hostile individuals. This will include improving the nation’s ability to deliver cyber products and services and enhancing investment on national intelligence capabilities.
• Create a new organisation – the UK Defence Cyber Operations Group – to mainstream cyber security throughout the Ministry of Defence and ensure coherent integration of cyber activities across defence operations.
• Tackle shortcomings in the critical cyber infrastructure, upon which the UK depends. This will focus on ensuring online public services are secure and that extra support is given to UK industries and those critical networks operated by private companies (such as the energy sector).
• Sponsor long-term cyber security research, working closely with research councils, the private sector and other organisations.
• Introduce a new programme of cyber security education and skills to encourage a more preventative approach to cyber security. One of the main focuses of this will be awareness raising amongst the public, to encourage safe and secure online behaviour.
• Continue to build cyber security alliances on a global level, including strong relationships with the US and other like-minded nations.
But with planned government spending cuts set to hit both the public and private sector, will this commitment to cyber security still stand?
Deputy Prime Minister Nick Clegg is resolute in confirming the government’s on-going financial support in the battle against cyber warfare. Responding recently to a question on cyber security investment, the deputy PM said: “We’re taking this very seriously indeed. It’s something we, as a government, have identified very early on and we will take extra action and put in new resources. It’s the new frontier in terms of safeguarding the commercial safety and security of this country.”
Public and private partnerships
Although the government is fully committed to tackling cyber crime and has allocated substantial resources to this problem, within both the public and private sector there is a lack of credible advice on how to safeguard against identity theft, hacking and cyber warfare.
The government itself has said that a crucial element of its National Cyber Security programme will be the role of the private sector working in partnership with government to deliver an effective and economically viable response to cyber crime. But what exactly is being done to help business and commerce protect themselves against the threat of a cyber attack?
One initiative helping to address this is the CyberCrime Security Forum 2011, which will offer practical advice from the world’s leading digital security experts on how businesses can protect themselves from cyber attacks. The international CyberCrime Security Forum 2011 is a two-day London event that will offer practical advice for government, civil service and private industry, covering issues ranging from forensics, social networking security (SNS), password protection and infrastructure security.
Originally launched in the US, the CyberCrime Security Forum has already helped safeguard governments and international companies, including Microsoft and the US military, safeguard against the threat of cyber hackers.
Said Cybercrime founder and leading IT security expert Andy Malone: “Cyber crime is a very real and frightening threat – it affects everyone from high-level government right through to individuals. The fact that you can’t see cyber criminals, coupled with the rapid pace of technology makes it even harder for companies to keep ahead.
“The London forum will enable British organisations to have access to world experts, who will give in-depth insight into how the cyber underworld operates. It will offer practical and realistic guidance on how to be prepared and protected.”
Tackling cyber crime should be part of every organisation’s business strategy. Investing in the right expertise and implementing robust IT security procedures will not only secure your business, but enable you to operate efficiently.
Whilst it is always recommended to seek the right external IT support, there are many simple steps that can be taken by employers and their employees.
Being prepared and aware is key to reducing the risk of cyber crime. Make sure you always keep your infrastructure defence systems, such as firewalls, up to date – it’s easy to overlook these things but neglecting IT security could be a costly mistake in the long-term.
Whilst changes in working practices, including the growth of home and remote working, and the reliance of global trading on technology have created opportunities, they have also increased threats.
Keep up to speed on what’s happening in the IT world and know what’s going on in your organisation and with your employees. Regularly brief staff on the importance of steps for protecting PCs, and identify key systems as part of a strategy of awareness.
Whilst your staff are your best asset, they can also unintentionally create risks. The growth of mobile communications means your employees could be carrying confidential company data (such as emails, contact details) in their pocket with a Blackberry or other similar device. If one of these gets into the wrong hands, it could be hugely detrimental to your business.
About the author
Daniel Mitchell is a founder and director of Lifeline IT, a network support company which is presenting this year’s CyberCrime Security Forum 2011 – the first of its kind in the UK.
Daniel has specialist interest in advising public and private sector clients on
global cyber security issues, IT and data security and management of
corporate networks. He is an advisor to the London Metropolitan
University, where he is working in partnership with the organisation on a new
security defence product.
Daniel also specialises in advising small businesses and he has been a guest speaker on cyber security and data protection at global finance conferences. He is a media commentator on issues ranging from IT security and business development, through to technology in education and financial outsourcing.
Lifeline IT develops and manages IT infrastructure for companies across
sectors including retail, finance and property.
For more information:
For further information about the CyberCrime Security Forum 2011 and to book tickets, go to www.cybercrimeuk.com