It is said that an innovation only gets the investment it needs to be perfected
once the arms industry has seen a need for it. More worryingly, there is now good
evidence that much of the innovation is being driven by increasingly organised,
sophisticated and well-resourced cyber-criminals.

For example, one of the world's first encrypted wireless networks was created by
a Mexican drug cartel. Submarines that cannot be detected by radar have been
developed by, and are being manufactured on behalf of, international smuggling
syndicates. And then, of course, there are the software developers that create
the software that allows hackers to access any system, from a power plant, oil
refinery or similarly vital site to a bank. The Bangladeshi central bank
recently lost more than $80 million.

"The real issue here is that cyber-criminals have become leading innovators in
their own right, and they have the resources, both financial and human, to do
whatever it takes to penetrate the most carefully constructed defences," said
Kovelin Naidoo, CIO at Internet Solutions. "We have to be aware that there is a
vast hidden network of organisations and individuals who are focused on accessing
the data and system for their own purposes."

These shadowy players make use of the Deep and Dark Webs, which host an alternate
economy where pretty much anything can be ordered and paid for in untraceable
Bitcoins, including contract killings and replacement human organs. All of this
covert activity falls into three broad categories: governments working against
their enemies, activists motivated by a cause, or those simply motivated by
profit.

Jeremy Capell, Head of Advisory, said that the threat posed by cyber-criminals to
businesses and governments has now become so severe and so sophisticated that
nothing but a coordinated and integrated technical and business response across
all domains would be effective.

"A technical response to cyber-crime is one important component, but it's only
part of the solution," he says. "Companies need to understand what the risks of a
breach are, but they also need to have a detailed, enterprise-wide response that
will limit the damage. This damage is not restricted to direct financial loss, but
also includes reputational damage, which can be devastating."

Organisations need to assess whether they are properly prepared. Do they have the
right skills? Do they have a documented set of processes and procedures in place?
Do they have adequate threat intelligence? Very often sites are breached and
corporate information is posted on the Deep Web, yet the organisation remains
unaware of the breach. Is security-conscious behaviour integrated into the
corporate culture? And are all the risks known and properly communicated, and
is the security and threat landscape constantly being monitored?

Cyber-crime calls for a technical response, a business response and,
increasingly, proper cyber insurance as well.