By John Thornton | 11 September 2012
Online crime is soaring and it is increasingly targeting the public sector. This is a major concern as more public bodies share vital services and IT
There are very few growth industries at the moment but one of the most successful is a major threat to public and private sector alike.
The ICT security company Symantec recently reported that it blocked more than 5.5 billion malicious cyber attacks in 2011; an increase of 81% over the previous year. Cybercrime affects us all. It can undermine our trust in individual organisations, prevent us from doing business online and create barriers to sharing information.
It threatens the intellectual property that underpins future prosperity as well as the integrity and confidentiality of the sensitive information that is the lifeblood of modern government and commerce.
Symantec estimates that worldwide more than 232.4 million identities were ‘exposed’ in 2011 through data breaches, either via deliberate attacks or negligence. The deliberate attacks primarily targeted customer-related information for fraudulent purposes. The firm estimates that 42% of these data breaches were in health care, 14% in government and 13% in education. Cybercrime is big business, it is growing and it is increasingly targeting public services. As individuals and organisations, we need to be aware of the risks and take responsibility for protecting ourselves. But combating it requires a co-ordinated focus of resources and legislation that only governments can muster.
There was a time when lone individuals hacked into systems or launched attacks on networks for fun, for the challenge or to prove their expertise. Now, as Britain’s National Security Strategy makes clear, cybercrime ranks alongside terrorism as one of the four main security challenges facing the UK.
The director general of the MI5 security service, Jonathan Evans, stressed in a recent Mansion House speech that vulnerabilities in the internet were being exploited aggressively not just by criminals but also by states. Industrial-scale processes involving many thousands of people lay behind both state-sponsored cyber espionage and organised cybercrime, he said.
The government has signalled its commitment to combating cybercrime by allocating £650m in the Strategic Defence and Security Review to enable threats to be better identified, understood and mitigated.
However, ministers also need to think about how cyber security relates to broader policies. The internet has developed from a communication network to what has been termed the ‘internet of things’ – where it connects our traffic management systems, the buildings we work in, bank cash machines, and much more.
This creates the potential to attack a country’s critical infrastructure as well as its information resources, as we have seen with the Stuxnet Worm. This infected industrial facilities in Iran and is widely believed to have been designed to slow down the country’s nuclear development by targeting the software in key devices.
In theory, it is just as possible to disable energy supplies, hospitals and airports, even nuclear submarines and aircraft carriers.
With many public sector bodies sharing services and ICT infrastructure and applications – in line with the government’s ICT strategy – are they making themselves high-profile targets? The backbones of large shared networks and data centres could easily become the focal points for cyber security attacks with the aim of disrupting services or stealing valuable data.
In 2010, Google became the victim of a highly sophisticated attack on its corporate infrastructure that also targeted the systems of at least 20 other major organisations. As US secretary of state Hillary Clinton stated at the time: ‘The ability to operate with confidence in cyberspace is critical in a modern society and economy.’
Should we be thinking more about these issues as we plan and update our communications, systems and physical infrastructure?
John Thornton is the director of e-ssential Resources and an independent adviser on business transformation, financial management and innovation
