Cyber risk: an ever-evolving threat
Computers are riddled with security vulnerabilities and there is no easy way to patch them. Even more disturbingly, anti-virus companies are starting to admit that they cannot keep up with the deluge of computer-generated viruses now attacking computer systems on a daily basis.
That was the stark message delivered by Dr Simon Moores, speaking yesterday at the opening of this year’s AIRMIC risk management conference in Birmingham, UK. He gave a comprehensive and worrying overview of the nature of the threats and the vulnerabilities now faced by companies all over the world.
He said that the recent leaks from Edward Snowden have shown that everything about the safety of the Internet as a common communications medium has been shown to be broken.
“The crisis and damage caused not by Edward Snowden but by the unregulated unrestrained conduct of national security agencies will last for decades,” he said.
He added that the Internet has had gaping vulnerabilities from its inception.
“The US National Security Agency’s specific objective was to weaken the security of the entire physical fabric of the Internet,” he said. “One of its main goals was to shape the worldwide commercial cryptography market to make it more tractable to advanced cryptoanalytic capabilities being developed by that organisation.”
He said that when Edward Snowden started leaking classified info from the US intelligence agencies the world started learning about programs such as Dishfire, a covert global surveillance collection system and database run by the NSA.
“Only this month the Guardian newspaper revealed that Vodafone has secret wires that will allow government agencies to listen to all the conversations on its network,” he added.
He went on to give an overview of the other sources of security breaches, summarising them into three distinct threats: electronic criminal groups, nation sponsored activities and non-state actors.
He gave insights in to the way in which criminal groups operate via what is known as the ‘dark net’ or ‘deep web’, which makes up the 90 percent of the internet never accessed by search engines such as Google.
He also highlighted the fact that even large companies such as eBay have recently experienced security breaches.
As for how companies should address the growing risk, he warned that companies should never assume the first ‘loss’ is a coincidence, and should be careful to use the right people to evaluate risk. It is vital to listen to your staff, he added, and to thoroughly investigate all avenues relating to a breach.
“Best practices are no guarantee of safety – but they should not be ignored because we are living in an age of litigation and remediation,” he said.
