Last week, the Bank of England warned that the perceived risk of cyber attack on financial institutions had risen sharply, noting in its Financial Stability report that “while losses [to cyber attack] have been small relative to UK banks’ operational risk capital requirements, they have revealed vulnerabilities.” The report also warned that if these vulnerabilities were exploited, the cost would be significant.
These warnings follow a year in which fighters allied to Al-Qassam have carried out denial of service attacks against many US-based financial institutions and during which an attack on Spamhaus peaked at over 300 Gbps of traffic. Although most of these attacks were aimed at financial organisations, what is to stop them targeting others or even infrastructure next?
Organisations should be surprised that the internet works so well, rather than be surprised when it fails. This is only an issue because it has become normal to think of the internet as a utility such as power or telecommunications, where a service is paid for with contractually agreed service levels. Out of sight, the internet is cobbled together in a whole series of insecure, sometimes outdated technologies which are lashed together with the sweat and tears of dedicated network engineers.
The internet is also dependent on numerous other factors which cannot be controlled by end users. For example, reliable power and access to cooling is needed; and a global network of cables needs to be protected from being cut by construction machinery or damaged by fishing trawler nets. Then of course, there are risks caused by those acting maliciously, which has happened in the past – and with greater attention being paid by the military to cyber attack, may well happen in the future.
It represents a leap of faith for so many organisations to bet their business model on the internet, which is managed with so few formal controls. The complexity of the internet is growing exponentially while the skills and capability to manage the systems is growing (at best) in a linear fashion. I believe that we will see substantial disruption to organisations, and entire businesses failing through not appreciating that relying on the internet means relying on third party services for which there are no contracts and not even a clear owner.
Organisations should celebrate the miracle that is the internet proving to be so robust for so long and press ahead with business as usual, but having contingency plans in place to survive a sustained loss of internet access is probably wise – from maintaining access to business-critical information to interacting with customers and having appropriate insurance to cover losses. The internet is incredible, but this shouldn’t blind us to the fact that it isn’t a traditional utility and its prolonged failure is a business risk.
Stephen Bonner is head of information protection and business resilience at KPMG LLP
It’s true – technology can fail! And we have a quiz about that!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…