“There are now three certainties in life,” the head of cyber-intelligence for U.K. Security Service MI5 said on the BBC Monday. “There’s death, there’s taxes and there’s a foreign intelligence service on your system.”
These state-sponsored computer attacks seek out intellectual property, such as company data on strategies, joint ventures or mergers and acquisitions. The end goal is to provide an unfair advantage to the attacker’s state-owned firms.
“We’re sure we know who it is,” Sir Iain Lobban, director of the U.K.’s Global Communication Headquarters (GCHQ) told BBC Radio 4. “It’s very difficult to do attribution in real time, but over a period you can build up a pretty strong idea.”
Cyber War Games
The United Kingdom won’t name names, but the United States hasn’t been so coy, calling out Russia, North Korea, Iran and especially China over the course of January, February and March. U.S. Treasury Secretary Jack Lew vowed Sunday to continue pressuring China on cyber security issues, such as intellectual property and trade secret theft, according to Reuters.
With cyber threats outweighing any other danger to the U.S. — including terrorism — a financial services industry group is preparing to simulate a massive cyber strike against about 50 firms. On July 18, the Securities Industry and Financial Markets Association (SIFMA) will lead the U.S. Treasury and Homeland Security Departments, along with the exchanges, through Quantum Dawn 2, which follows a 2011 exercise.
“We’ve been under attack as a sector for the last nine months,” Karl Schimmeck, SIFMA vice president of financial services operations, said in the Los Angeles Times Monday. “We know this is real; we know things are possible.”
A Serious Threat Not Taken Seriously
Not everyone seems to. Despite U.K. efforts to help businesses guard against cyber-attacks, only one in eight respondents to a Financial Times/ICSA Boardroom Bellwether survey indicated they had taken any of the prescribed measures.
“According to our most recent Cyber Security Monitor research,” Martin Sutherland, managing director of information intelligence solutions provider BAE Systems Detica said in the Financial Times Monday, “61 per cent of respondents said it would take an attack on their company or a competitor for their board to take the risk of cyber-attacks more seriously.”
Even then, building walls around data is no longer sufficient to protect it, cyber security firm Digital Shadows co-founder Alastair Paterson said on Wired.co.uk Monday. So much of that data now resides online, and it can damage a firm’s reputation as well as its internal systems.
Tear Down This Wall — And Mind your Garden
“Attacks are becoming far more sophisticated,” Paterson said. “The reconnaissance phase of a cyber attack has become the most important phase.”
Companies could continue building walls around their data, according to Paterson, but that would cost them the spoils of social networks and mobile technology. Or they could:
-Accept the reality of doing business online
-Train their staff to mitigate the risks
-Monitor their digital footprint for signs of attack
Death, taxes and cyber infiltration are all part of life. People and firms who ignore that do so at their own peril — and they will compete against their own innovations, which will be wielded by foreign competitors.
Follow Derek on Twitter: @DKlobucher