A report from the Ponemon Institute published last week shows that major companies believe that they are already experiencing nation-sponsored cyber attacks, and that a cyber attack on the critical national infrastructure (CNI) is likely in the next two years. Coincidentally, on the day that the report was published, news broke about a sophisticated worm attack on the Iranian nuclear research establishments. The attacks on Google's operations in China at the beginning of 2010 have raised concerns in this area, and the new research indicates that it is not just a localised problem.
General cyber security scene remains challenging
While cyber crime generally grows as a threat to companies and countries, the numbers do not show a linear progression. The criminal community is both highly organised and dominated by some big players. Numerically, credit card details and online banking credentials account for the overwhelming proportion of stolen data.
Successes by law enforcement can therefore have a substantial, but short-term, effect on the picture. When the Rock Phish gang was taken down in November 2008, it cut worldwide spam and associated phishing and botnets by around 50%, but after a few months a new gang was using an improved tool called Avalanche and had captured 65% of the market.
The 2009 imprisonment of Albert Gonzalez, who had been active in many major data breach incidents including TJ Maxx and Heartland Payment Systems, may have contributed to the reduced volume of data theft reported in 2010. Another equally credible explanation is that the data thieves stole so many credit card records in 2009 that the market price of the data fell by 95% and the laws of supply and demand affected their strategy. It seems likely that the criminals have turned their attention to more lucrative and more targeted attacks on high-value data. Any change in targeting creates new challenges for cyber security professionals.
When do you discover that you have been hacked?
Data theft is about copying valuable information, rather than about stealing the only copy of the data. The owner of the data will not be aware that this has happened until either their cyber defence infrastructure raises an alarm or, much more frequently, someone notices that the hacked data is in the wrong hands: for example, when a competitor develops a similar product in record time or a customer detects that their credit card has been misused. Because nations play the long game, nation-sponsored data theft is not likely to be discovered quickly, and the figures relating to all forms of data theft may be significantly in error.
Real concern raised over risk of an attack on the CNI
The Ponemon Institute interviewed 131 senior security leaders in the US and in Europe. They represent organisations that consider themselves part of the CNI of their country. A total of 78% of respondents in the US and 60% in Europe expect a cyber attack that will significantly disrupt the country's mission-critical operations within two years. Few believe they have a sufficiently collaborative response plan involving other players in the industry. More than 70% supported the notion of setting up a global computer emergency readiness team (CERT) to collaborate on information gathering.
The research also revealed that 56% of US and 38% of European respondents believe they have been victims of a nation-sponsored cyber attack. Perceptions appear to reflect geographical separation from the source of the threat. In Europe the concern was focused on disruption of the critical infrastructure, probably influenced by recent history in Georgia, Estonia, and the Middle East, while in the US twice as many respondents thought the motive was information theft. In both continents, around 90% of them pointed the finger of suspicion at China, well ahead of the 50% that suspected involvement of the Russian Federation, showing that cyber intelligence is more influential than these recent high-profile disputes.
More than 80% of respondents believe that cyber attacks are more serious than criminal attacks in frequency or magnitude, while 81% of US participants and 96% in Europe believe that cyber attacks are difficult to detect, confirming our previous research.






