Making the cyber security connection
In the past week, more than a million people discovered, some for the first time, what it is like to be a victim, or at least potential victim, of a criminal conspiracy carried out online.
On Tuesday last, it emerged that over 500,000 credit card customer accounts may have been compromised, while the names, addresses and phone numbers of 1.12 million people may have fallen into the wrong hands.
The firm targeted by the suspected cyber criminals, or hackers, Loyalty Build, acknowledged a major security breach. It has shipped a very big hit.
Also badly affected are customers of Loyalty Build including Super Valu, Axa and Stena Line. The attackers had concentrated on holiday promotions run by these companies through Loyalty Build.
By coincidence, the Institute of International and European Affairs organised a conference on Friday at the Mansion House in Dublin.
The keynote speaker was Michael Daniel, President Obama's US cyber-security coordinator.
Mr Daniel warned that the threat posed to cyber security at all levels is becoming broader due to the spread in online technology. Malware is getting harder to detect. "Phishing" by the cyber criminals is now much harder to detect than it was in the days when "Princes of Nigeria" were offering generous payouts in exchange for bank account numbers.
"Everyone on the Net lives at the edge of the network. Security is a shared responsibility. It cannot be assigned to any group," he warns.
The US cyber chief says we must accept that networks are penetrated and with this in mind, constantly test systems and have in place back-up plans. Organisations, public and private, must share information rapidly and frequently.
"Cyber security is a team sport. No single entity has all the competencies needed."
The real concern is that the attackers could take down major national infrastructure such as electricity networks.
Estonia, South Korea and Saudi Arabia's top oil company have all been targeted in recent years. The finger has been pointed at North Korea, Russia, China and Iran. Western intelligence agencies, too, are accused of using underhand techniques in this game of dirty underground IT tricks.
The Snowden revelations have been particularly damaging to the reputation of the US, serving as a reminder that as far as Washington is concerned, nations have no real friends, only interests.
Estonia is a particularly interesting example. Its Government has been particularly go-ahead in the technology sphere. Over 85% of its citizens have security encrypted ID cards. The use of digital signatures is common. One quarter of Estonians now vote online in national elections.
In 2007, it was the victim of what appear to have been state-sponsored attacks. Little damage appears to have been done, due to the vigorous response of the Estonians, who harnessed private sector expertise to fight off the attacks.
In 2010, Estonia formed the cyber defence league, a volunteer organisation of IT security specialists, run from the Ministry of Defence. The country's main technology institute now offers an MA programme in cyber security and the capital, Tallinn, hosts NATO's cyber defence centre of excellence.
Heli Tiirmaa-Klaar is a top EU cyber security advisor. She warns that Europe is behind the curve on cyber security, lacking institutions, proper coordination, skilled people and awareness. The problem is that traditionally hierarchical Governments find it hard to deal with nimble criminal entities.
"When you put networks against hierarchies, the latter will lose."
Currently, there are three different models for combating this type of crime: The Nordic, based on public-private partnership; the British, based on state agencies like MI6; and the Continental-French, which favours prescriptive regulation.
Slowly but surely, Western powers are moving to grasp the nettle. President Obama has issued an executive order aimed at promoting partnerships among owners of critical infrastructure. Cybersecurity is now a core concern in US foreign policy, says Mr Daniel. Law enforcement cooperation between the US and Europe, in particular, is a major focus.
Brian Honan is the founder of the Irish Reporting and Information Security Service. He also lectures on IT security at the UCD Centre for Cyber Security.
"Four hundred and thirty two incidents were reported to us in 2012. The criminals are looking not only to steal data, but also intellectual property and personal information. Underground markets in the sale of credit card data have developed," he says; spam attacks and "botnets" where viruses are sent out, seizing control of networks. "Computers take part in attacks without the knowledge of their owners," he says, adding that 74% of incidents last year involved "phishing" emails sent to systems.
Honan dismisses the idea that teenage boys playing heavy metal in basements are behind many of the attacks. Rather, 95% of attacks are run through organised crime.
And the problem is that we make it too easy for them. Many of us fail to update anti-virus software. Our passwords are easily accessed, often because we use the same passwords, or easily guessed-at variants. Our computer servers are not "patched" (that is, kept in good order) regularly.
All too often, firms end up paying ransoms to the criminals to prevent expensive loss of data. The message is clear: Keep systems in order. Carry out regular checks. Cooperate with other firms.
Dr Ian Levy of Britain's GCHQ warns against falling prey to tech salespeople. "If someone tries to sell you a security system and they can't explain what it is, don't buy it." And he warns against cyber hype. "There are not omnipotent cyber ninjas out there. It is just code!"
The key is regularly auditing a system and, as the Estonian experience shows, cyber security (global, national and local) is as much about commonsense as anything else.






