Does this lack of visbility also apply to governments and nation states?
“One of the things that governments need to do is to protect the Internet. It has been estimated that many billions of pounds are tied up in e-commerce activities. When a military installation or MI5 is attacked, the cyber criminal will go down the line looking for vulnerabilities. This is why threat-sharing is so important. Nations will see attacks not only looming on the horizon, but also attacks that are used as a part of modern warfare. In the US, the vulnerabilities of the American power grid was revealed recently, and if a hacker were able to gain access to these systems, the downstream effect of power disruption could be catastrophic.
“It is estimated that there are now 200 nation states that can launch a cyber war offensive – and these nations are recruiting cyber warfare people and are carrying out simulations. Think about the number of aeroplane missles a nation can deploy, but just 30 people could take down a nation’s defences. This has major ramifications.
“There are currently thought to be 250 hacking groups in China and that government is not stopping them, as these groups have become a political asset for China. It is a real threat, and groups like the Cyber Security Operations Centre (CSOC) are a real asset, which will allow governments to see what is a threat and what is not. It is a wake up call for governments around the world to make sure that their security is secure.
“The power grid vulnerabilities in the United States was exactly like the plot from the film, ‘Die Hard 4’. Remember, electricity plans often show where all the assets and infrastructure is located, as these details are all stored electronically nowadays, and are kept in files on a system somewhere. It was reported last year for example that the plans for the US Joint Strike Fighter were stolen, allegedly by the Chinese.”
So what threats are we likely to see going forward?
“Years ago it was random strikes, but now it is much more targeted. There are in effect ‘sniper attacks’ happening now on a company’s critical infrastructure. We will continue to hear about that going forward, especially as there it is that 12 to 15 percent of all the computers in the world are thought to be infected with bots.
“This is a huge number, and these infected PCs are mostly lying dormant at the moment, but this is a ticking time bomb, and we see will those going active in the future.
“The major trend that is occurring at the moment is with small to medium sized companies, such as family businesses like plumbers etc. These small businesses are typically getting attacked at the moment, and key loggers for example are capturing the details of their online bank accounts. Before the guy knows it, all the money has been emptied from his account. Now consumers are protected and will usually get their money back, but companies are not protected in the same way.
“SMBs are not investing enough in security, and even when they do, things like firewalls are not being configured properly. SMBs are also notoriously behind on their patch levels, so there are vulnerabilities with millions of these small businesses.
“One of the biggest things going forward however is that we will also hear a lot more about cyber warfare. The Pentagon for example gets over a million attacks a day. We have known about China for some time, and the Google attack just puts this in the headlines. It got noticed and reported because Google is well known and sophisticated company. But these attacks also happen to other less well known companies.
“For example, a number of oil companies found that their systems had been breached in 2008, and their drilling plans were stolen. Now this information contained very valuable details on where oil is located. Companies can spend hundreds of millions of dollars finding this information out, and suddenly all that data is stolen. These attacks also allow rival companies for example to know how much their competitors are pricing for drilling bids. A rival drilling company can therefore offer a lower bid and undercut their competition, because they know the bidding price of their rivals. Companies go out of business when this happens.”
So what advice do you have?
“The concept of a ‘hard shell, soft interior’ will not work any more. With the advent of Wi-Fi networks, the cloud etc, we recommend that companies keep their vulnerabilities to a minimum, and put in place monitoring software around their critical assets at the very least. Things like customer data also needs to be heavily protected. Therefore monitoring the data and the transactions that happen with that data is very important.
“Another thing is training. A lot of non-malicious back doors are inadvertently opened. Users should be told not to go to certain websites. They need to be made aware of spear-fishing emails that say ‘hey, look at my new picture’, and when they click on it, malware is installed. They also need to be aware of social engineering from social networking websites, as well as the dangers of installing peer to peer networking applications as you don’t know who is looking at your system.”
Page: 1 2
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
US prosecutors confirm earlier reports, demand Google sells off Chrome web browser and end default…
Following Australia? Technology secretary Peter Kyle says possible ban on social media for under-16s in…
Restructuring expert appointed to oversea Northvolt's main facility in northern Sweden, amid financial worries
View Comments
DOC (digital/optical) computers, now capable of "changing information on the fly" while en route, have introduced a new problem in that the information which arrives at any destination may not be the information from the source. Nor will it necessarily be from one source to one location, but rather split at that point to multiple destinations, even translated into other computer and human languages.
The current trend to force exposure to source code opens up the entire world to the theft of their information, most of them without the knowledge of the incidents. Now that we know Intel was also a victim of the recent attacks by China, the designs of chips themselves may be known, opening up new backdoors of access via alternatives, such as access to computers via electrical wiring and/or parts of the video signal.
Likewise, with botnets of computers to servers and from there to other servers, the potential for multiple participants in one event or target on the front end are also possible.
We are now in a multi-point to multi-point disinformation oriented crime ring network architecture and computers are not the only targets. As brain interfaces become more known of, the ability to track IP addresses of a victims' computer may be critical to automated systems of defense. Let's hope that the UK has not fallen for the fake "privacy" issue and the decoy of "oneness".
Boundaries to protect the individual and their rights are now necessary to safeguard not only their freedom, but their lives.
As with all others, they will be only as good as the equipment they use, most likely designed and manufactured in Asia. Don't be ignorant of the microchip back doors built into the hardware, especially the electrical wiring.
Good luck to the UK and their new center!