Stolen corporate secrets could be used against Britain, an information security company has warned.
The warning following comments to the BBC from British intelligence indicating that business secrets were being stolen on an industrial scale. Alex Fidgen, director at MWR InfoSecurity, said: “Corporations must understand that their information can be used in sequence to piece together substantial advantage for a competitor who is sponsored by a foreign state. The UK Government has already made the link between cyber espionage activities and current and future loss of Corporation Tax but the background to all of these attacks indicates that the economic empowerment of the ‘attacker nation’ could have a significant impact in the UK´s economy.”
He added: “This is the landscape of the present and future, and we can expect all governments developing such capabilities to use cyber tactics both offensively and defensively.”
The Chancellor George Osborne has recently promoted the UK’s cyber budget, which will include £210m investment in the National Cyber Security Programme (NCSP).
Fidgen said: “The budget increase along with the release of this information and its timing appears to confirm the wish of the UK Government to show the ‘bigger picture’ and highlight some of the substantial challenges that are being faced.”
He finally added: “Businesses need to understand that the current nature of the attacks is far more sophisticated than the customary IT security standards. Corporations have to step up and respond to these attacks. They need to use their financial resources more effectively and start thinking differently if they want to protect their intellectual property.”
About MWR InfoSecurity
MWR InfoSecurity undertakes simulated attacks with companies to help them understand the issues they are facing. For further information: visit http://www.mwrinfosecurity.com/
And meanwhile Allen Scott, Managing Director for the UK and Ireland at F-Secure
Cyber espionage can prove not only crippling on a financial scale but also on a reputational basis. With reputation becoming increasingly valuable in this unstable economic climate, businesses cannot afford to be seen as weak, especially when dealing with sensitive customer information. For example, our latest research showed that the public are increasingly worried about the privacy of their content, with 59 per cent of consumers expressing concern that someone else may be able to access content they store with cloud providers. Sixty per cent were also concernedthat providers may be selling their personal content to third parties. Edward Snowden’s call for across-the-board encryption of private internet communications is just one step that will help restore consumer confidence and trust. However, businesses need to act now to ensure that their customers do not lose trust – once lost, reputation is very hard to win back.”
And Ross Brewer, vice president and managing director for international markets, LogRhythm
“As Sir Iain Lobban [GCHQ director] admits that foreign hackers have been penetrating some networks for years, we must now examine whether existing defences are indeed enough to stop this from happening in future. The ferocious, persistent and relentless determination of hackers today has created a need for organisations to deploy robust, real time defences on their network, so that they can spot and combat threats as soon as they occur – rather than letting cyber crime run rife on our networks unnoticed. This requires a level of visibility and Protective Monitoring that is simply not adopted widely enough yet. With such controversy around cyber espionage as a national security issue, there must also be great efforts to ensure that governments in particular strike a suitable balance between offensive and defensive policies.
“With already-fragile diplomatic relationships to consider, attribution will also be critical for governments and other organisations going forward. GCHQ has acknowledged that identifying the source of cyber attacks can be ‘very hard’, but a holistic IT security strategy that focuses on the continuous monitoring of IT networks will provide the level of intelligent insight needed for such deep forensic analysis. Only with this deep network visibility can organisations successfully follow the trail back to the correct perpetrators and avoid sparking increased international tension or unwanted military involvement.”
Jarno Limnéll, director of cyber-security for Stonesoft, suggested that the number from MI5 and GCHQ was ‘extremely conservative’. “With the cyber battlefield increasingly being established as the new norm, nation-states world-wide are pouring resources into developing a range of defensive, offense and intelligence capabilities.
“With regards to cyber-espionage and theft of intellectual property, it would be convenient to point the finger squarely at China as the main offender. But we should aim to be analytical and examine the situation from different points-of-view. In reality all nations, including the US, Europe and non-state actors, are actively building a cyber-presence and investing heavily in this space to achieve both strategic and financial advantages.
“Likewise, everyone is equally a target, and governments, NGOs and commercial organisations need to recognise that this trend is rapidly becoming the new norm. Worryingly, however, this path will only lead to a lose-lose scenario. Nations need to pull together to pursue international norms and laws regulating the cyber security domain. In the near future, some Western country is likely to face a catastrophic and deliberate cyber-attack mounted against its critical infrastructure and this will result in include human casualties.”
