Director general of UK Security Service organisation warns that business will be a target for cyber threats, with one London company's losses estimated at £800m.Article | June 26, 2012 - 1:27pm
Yesterday, the director general of the UK Security Service, MI5, warned that rapidly escalating cyber crime is as important to the country as terrorism and that businesses and government must work together for mutual protection.
Jonathan Evans was speaking at the Lord Mayor's inaugural Defence and Security Lecture in Mansion House, London.
Having covered the upcoming Olympics and global terrorism, Evans turned his attention to cyber security, something he said is as pivotal to business as it is to government and is indeed seen on a par with terrorism as a key security challenge.
The rise in big data as a state security and industrial competitive asset and the development of the ‘Internet of things’ with a vast array of everyday devices interconnected and accessible via the web has vastly increased both the opportunity and impetus for information-phishing and viral cyber crime.
With cyber attacks on businesses coming from both states and criminal organisations around the world, Evans said: “What is at stake is not just our government secrets but also the safety and security of our infrastructure, the intellectual property that underpins our future prosperity and the commercially sensitive information that is the life-blood of our companies and corporations. And the threat to businesses relates not only to major industrial companies but also to their foreign subsidiaries, and to suppliers of professional services who may not be so well protected.”
While the threats currently emanate from groups distinct from traditional known terrorist groups, it is thought the latter will be developing capabilities in the cyber arena.
MI5 says it is currently investigating cyber compromises in ‘over a dozen companies’ – but says this is just a ‘tiny proportion of those affected’. Evans said one London-based company has suffered losses of £800m as a result of a cyber attack from a nation state which caused it to incur deficits through intellectual property loss and commercial disadvantage in contractual negotiations.
To remain one step ahead, it is imperative for the private and public sector to pool resources, insights and talent, Evans said.
“Through our involvement with the CPNI [Centre for the Protection of National Infrastructure] we have for several years encouraged the development of information exchanges where companies in the same sector can share information on security vulnerabilities in a confidential environment,” he explained. “These are chaired from the private sector and enable safe sharing in a non-competitive environment. A number of companies represented here tonight belong to these information exchanges. They are the object of some interest in other countries which have not developed the collaborative models to support them.
“The boards of all companies should consider the vulnerability of their own company to these risks as part of their normal corporate governance – and they should require their key advisors and suppliers to do the same.”
The most famous cyber threat is the Stuxnet malware, first discovered in 2010, which targets control systems in industrial plants. It is rumoured to have been created by a Western state, given the complexity of the coding and the fact that it has mainly affected Iranian nuclear programmes.