British business under attack by cyber-espionage operations
The UK is only just beginning to realise how vulnerable our critical IT systems are to cyber attack, with an increase in organisations seeking insurance and security.
The United Kingdom confronts an attack from up to 70 sophisticated cyber-espionage operations every month against its government and industry networks. Often backed by foreign intelligence services, these attacks are reported by Sir Iain Lobban, director of the UK Government Communications Headquarters (GCHQ), as happening on an ‘industrial scale’. They are primarily focused on the theft of intellectual property from organisations for the financial benefit and competitive advantage of state owned organisations. Foreign services are interested in a wide-range of business activity, including a company's mergers and acquisitions activity, their joint venture intentions and strategic direction.
However, this revelation isn’t necessarily a surprise. With the cyber battlefield increasingly being established as the new norm, nation-states across the globe are pouring huge resources into the research and development of a huge range of online defensive, offense and intelligence capabilities. All targets are seen as fair games and everyone is treated equally; governments, NGOs and commercial organisations all need to recognise and react to this trend.
In fact, the main shock from the news should be that the figure of 70 attacks a month is actually a rather low estimate. Cyber threats are increasing dramatically in both number and severity, and are now viewed as the number one threat to security and economics in a host of countries. We are only just beginning to realise how vulnerable we are in this hyper-digitalised world.
What the news brings to light is that with regard to cyber security, there’s rising pressure and demand for increased cooperation between private businesses and government agencies and the need for resources to be allocated to address the issue. Cyber security is important because many other forms of security - national, economic, and environmental - and activity - commerce, energy supply, and transport - are starting to inherently depend on the internet. The chief candidates for cyber catastrophe are shifting away from military targets to global financial markets and critical infrastructure systems, which are often operated privately. With a huge portion of wealth generated through intellectual property, rival nation states need only attack products from a company's computer system located in another area of the world to cripple a nation.
In respect to this, the British government announced last week it will be working with a number of private defense and telecom companies, including HP, BAE and Rolls Royce, to tackle cyber threats in the UK. Britain is one country leading the way, and globally, government and private sector partnerships to tackle cyber threats will soon become the norm. The expertise and market insight of many enterprises combined with governmental resources and responsibility to protect citizens means this will in fact become a booming sector. At the same time businesses need to also begin to realise the opportunities the digital world is presenting them and how these can be taken advantage of whilst balancing the threats.
The pressure on private businesses to deal with cyber-attacks is also rising. In March, US insurance company Marsh Inc claimed the demand for insurance against cyber-attacks rose by 33 per cent in 2012. This highlights the seriousness with which organisations are now taking the credibility of cyber-attacks. The digitalisation of business is imperative for success and the amount of investment made in the protection of IP and against collateral damage is a significant indicator of the huge importance organisations are now attaching to these processes.
The cyber race has well and truly started, and its speed is accelerating. As such, so will the number of espionage operations. Nations and other entities are using online weapons and reconnaissance, because they are thousands of times cheaper than conventional armaments, with near-anonymity almost guaranteed if needed.
It is important to note that the cyber race is not primarily focused on weapons development, but rather on a fierce competition to recruit talented individuals, accelerate various cyber training programs, and build the institutional capacity and operational planning required for war and espionage. The U.S. is actively recruiting promising hackers, but so too are China, Russia, the UK and many other countries, and most probably non-state actors as well, for example, Al-Qaeda.
In light of all this, there is most likely a whole world of cyber espionage the public is yet to be shown. We are likely to hear ever-more revelations over the next few months from intelligence agencies globally. Governments across the world should look to work collaboratively with businesses to ensure mitigation against cyber-attacks directed towards company assets are in place, and at the same time businesses need to also begin to realise the opportunities the digital world is presenting them and how these can be taken advantage of whilst tackling the threats.
Jarno has extensive experience in the cyber security field having advised the Finnish Defense Forces on cyber deterrence. He also regularly steers committees and working groups in Finland, the EU and NATO on cyber security defence and risk management.
The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of The Information Daily, its parent company or any associated businesses.