Earlier this week, a simulated cyber terrorist strike took place at London’s BT Tower. The event – part of the UK government-backed Cyber Security Challenge – was designed to mimic a sophisticated cyber-attack and tested the ability of amateur contestants to defend the building’s power-supply from hackers. Those competing were selected following nine months of intensive assessments and the ten best from the day have been invited to compete in the grand final in March.
Real-life cyber attacks are becoming far more prevalent and we often find ourselves in a game of cat and mouse, trying to keep up with the perpetrators. These schemes are excellent for weeding out talented people who can help defend critical infrastructure from hackers – and may one day be part of thwarting potentially dangerous threats. Programs like these are great to see as they demonstrate that defending our borders from cyber attacks is moving higher and higher up the political agenda.
However, we do need to be careful not to place too much credence on people alone. While a workman can never blame his tools, it is also imperative to have the right systems in place to help identify and remediate potential threats. There is now so much data passing through the networks of both private organizations and national infrastructure that people alone cannot be relied upon to identify when something is wrong.
Instead, security intelligence is paramount. These systems are designed to monitor networks constantly in order to spot anomalies – and can process far more information in real-time than any human being. There’s no doubt that we need the best people on the case, and events like this are an excellent way of finding them – let’s just also make sure they’re given the best possible tools to work with.
A recent study by Lancaster University, The Future of Maritime Cyber Security, has found that Britain’s aircraft carriers and warships are at risk due to their reliance on ageing software. The research team has warned that the Royal Navy and its international allies need to “fundamentally rethink” how they use technology on warships, as the software being used has a far shorter lifespan than the ships and aircraft carriers themselves. As such, new cyber defense strategies need to be implemented and Navy personnel trained in how to be secure online.
All cyber attacks have their consequences and how far reaching the effects are clearly varies from case to case. One thing I think we can all agree on though, is the havoc that would be wrought should the Navy come under attack. While our armed forces are well acquainted with defending against the enemy, in the cyber world it can be far more challenging to determine exactly who that enemy is, and what they are doing.
We live in an age where the use of Advanced Persistent Threats (APTs) is on the rise, which, by nature, are often left unidentified for years. The researchers from Lancaster are quite right to point out that the armed forces’ aircraft and warships are built to last, while the software is not. However, all software is effectively under threat as soon as it is deployed, and understanding that is key for every organization – armed forces or otherwise.
The solution is not necessarily to constantly deploy new software to combat the risk – that just leads to a tedious game of cat and mouse. Instead, it is imperative to constantly monitor the network for unusual activity in order to identify suspicious behaviour as quickly as possible. The Navy is no stranger to intelligence – the more information you have, the better position you are in to defend yourself – and it is no different when it comes to cyber security. For all of us, it is a case of when, not if, an attack takes place, but with the right security intelligence measures in place, the risk can be minimized.
Last week Barack Obama and David Cameron announced that the US and UK would implement a rolling program of ‘war game’ cyber attacks on each other, which will be conducted by the FBI, GCHQ and MI5. Targeting critical national infrastructure, a key element of the program will be the sharing of information, with the first test seeing a staged attack on the financial sector later on in the year. During this exercise, the Bank of England and commercial banks in the City of London and Wall Street will be targeted in a bid to ensure adequate security measures are in place.
Following hot on the heels of one of the worst years for data breaches, the US and UK are clearly upping the ante when it comes to enforcing stricter security measures – and rightly so. With the majority of their critical national infrastructure running on connected networks, these industries cannot afford to take any liberties. The last couple of years have shown it really is a case of when, not if, they will be targeted, and by using the most sophisticated techniques, the US and UK crime agencies will, without doubt, be able to expose any existing weaknesses. Businesses will no longer be able to cross their fingers and hope that their ill thought-out or inadequate security strategies will be sufficient.
The sharing of intelligence between MI5, GCHQ and the FBI will be key in this program’s success. While, in the UK, we have seen the Waking Shark exercise and the Bank of England employ ethical hackers to test its infrastructure in recent years, it is only worthwhile if the lessons learned are acted upon and shared with a wider audience. It doesn’t matter which industry you are in, or which country you live in, it’s still us against the bad guys.
The problem that we are still seeing in many industries is that far too many are still failing to take a proactive approach to cyber security. This is simply not good enough at a time when major breaches are hitting our headlines on a daily basis. Businesses need to be constantly prepared for an attack and any of those in this program who aren’t doing this should expect to be exposed. The only way to ensure they have the best possible chance of keeping today’s sophisticated threats out is through 24/7 monitoring of all network activity, which needs to begin now, not as a mere afterthought. Any industry that underestimates the importance of continuous monitoring will ultimately regret that decision – and by then, it may be too late.
Earlier this week, online greetings card company Moonpig took its API offline as a flaw was enabling orders to be placed on customer accounts by hackers. The flaw, identified by researcher Paul Price, allowed hackers to bypass authentication security and place orders, as well as see and add payment information, view addresses and so on. While Moonpig has said that all password and payment information is safe, it has been claimed that the flaw was left unfixed for 17 months, despite the company being made aware of it.
We’re used to hearing about security breaches and flaws on a very frequent basis these days, so the fact that another organization has fallen foul doesn’t come as too much of a surprise. We have, after all, reached a stage when it’s a case of when, not if, a security incident occurs for most businesses today. What is unbelievable is the fact that Moonpig was made aware of the fact there was an issue almost two years ago and, as far as can be seen, did nothing about it.
For any organization, and particularly for retail businesses, customers are really the only thing that keeps them going. Showing such flagrant disregard for the safety of their data is unforgivable, and you can be sure many members of the public will see it in the same way. In fact, a recent survey conducted by LogRhythm found that 56 percent of people said they either don’t do business with an organization that has suffered a breach, or at least limit the amount of information they share with them – which indicates Moonpig could face a quick decline in customers following this news.
The financial repercussions of any breach can be severe, thanks to lost customers, income and fines that may be levied, and the longer flaws are left open, the worse that loss is likely to be. With the security landscape as it is today, there really is no excuse for organizations not to have the tools in place to identify risks and fix problems as soon as they are identified. Understanding normal network activity is crucial to ensuring its security, and can severely reduce the time it takes to detect threats. No flaw should take 17 months to rectify, particularly when it’s already been identified, and leaving it for so long is asking for trouble – from multiple angles.
UK retailers are currently preparing themselves for the two busiest days of the online shopping year. Black Friday (28th November 2014) and Cyber Monday (1st December 2014) will see shoppers spend millions of pounds online as the US craze continues to gain popularity in the UK. Indeed, Amazon is predicting it will beat the four million orders it received during the same weekend last year, with total UK expenditure expected to reach £281 million.
Black Friday and Cyber Monday have become two of the biggest phenomena in the shopping industry, and the dates that retailers – and consumers – from both sides of the pond now look forward to ahead of the holidays. However, after a tough year, which has seen the likes of eBay, Target and OFFICE suffer data breaches at the hands of today’s cybercriminals, all eyes will be on retailers to ensure that consumers’ online shopping experiences are as straightforward and, most importantly, secure as they can be.
With so many credit cards being registered and used online, it’s no surprise that cybercriminals will be preying on as many shoppers as possible. As such, it’s now more imperative than ever for retailers to have the right procedures and defenses in place to fend off the hackers’ sophisticated threats. Indeed, it really is a case of when, not if, they will be targeted and retailers need to take more responsibility when it comes to protecting their customers’ confidential information – not just for their customers, but also for their own reputation. Recent breaches have already affected consumer spending patterns, with the public now much more wary of whom they trust with their details.
What retailers must not do is take shortcuts when it comes to protecting their customers’ data. If they aren’t continuously tracking and monitoring their networks for anomalous activity, then they aren’t doing a good enough job at proactively defending against cybercrime. Indeed, failing to do this and instead taking a reactive approach could seriously impact retailers’ holiday trading figures going forward – something none of them can afford to risk.