The world is faster, and more connected, than ever before: that pace and those networks just keep growing.
As individuals, businesses and societies we are now linked in ways that would have been unimaginable just a couple of decades ago, and through these links we are sharing huge amounts of information.
We are living in a knowledge economy where information has become incredibly valuable, whether that is commercial information that would enable a competitor to overtake us in the market, or personal data that is exchanged and exploited by criminals for financial gain.
If you recognise the value of information, then it’s time to take cyber security seriously.
Smartphones are the perfect example of the phenomenal expansion in computing power experienced in the last five decades.
Apple’s latest high-end offering, the 5s, includes 64-bit technology, providing yet more proof that Moore’s Law is alive and kicking even faster than predicted.
The amazing progress of technology has had a huge impact on society and, in particular, our connectivity. In any one day on the internet, 144,000 hours of video are posted on YouTube, 1bn files are uploaded to Dropbox and 200m active twitter users send 400m tweets.
As individuals, we’ve come to rely on instant access to our social networks and a forever-growing wealth of information at the tap of a finger: 65% of people in the UK would give up alcohol for a year to maintain their broadband connection, 76% would give up chocolate and 78% would give up coffee.
However, the more information we share, the more we open ourselves up to threats. Fraud cost the UK over £73bn in 2012 and the UK is the worst place in world for identity fraud: almost one quarter of UK residents have been a victim.
Organised criminal gangs increasingly use social networks and social engineering to carry out cyber crime. For example, with information gleaned from social networks, criminals can tailor spear-phishing email attacks, making the target much more likely to fall for their bait.
Do you tell twitter when it’s your birthday? Can I work out your mother’s maiden name from your Facebook Family Tree? Cyber criminals follow wider trends, and so the more we use social networks and share information, the more this habit will be used against us.
This is why the World Economic Forum has stated that “personal data is the new oil of the internet and the new currency of the digital world”.
Of course, it is not just personal information that is at risk: the internet has also changed the way we buy and sell goods and services, and how we do business in general, making the private sector incredibly vulnerable in cyber space.
The internet helps facilitate $10tn in online transactions every year, and the internet-related market in the UK is now estimated to be worth £82bn a year, with British businesses earning £1 in every £5 from the internet.
The huge value of the internet to business provides opportunities for criminals, as well as competitors, rogue states and other malicious actors. Undoubtedly, your business will store and share information on a daily basis that would be extremely valuable to others. Competitors and criminals are particularly interested in:
- Personal data (employees and customers).
- Bid information.
- Financial data.
- Strategies, plans and forecasts.
It is imperative that organisations secure their personnel and physical defences, as well as their technical ones, as highlighted by the recent £1.3m attack on Barclays Bank in which a member of a criminal gang successfully posed as an IT engineer to plant a malicious device on one of the bank’s computers, which the gang then used to remotely access other machines and transfer money between accounts.
It is crucial that staff members are trained in the need to value and protect information, and that measures are put in place to protect against malicious insiders. With the proliferation of USB sticks and bring-your-own-device, combined with a lack of cyber security training in so many companies, it is perhaps no surprise that most cyber breaches are the result of human error (although it is also worth noting that the most costly breaches are carried out by malicious insiders).
The figures are staggering: 93% of large corporations and 76% of small businesses reported a cyber security breach in the past year and the cost of a breach is estimated to be between £110,000 to £250,000 for large businesses and £15,000 to £30,000 for smaller ones.
These financial costs, of course, do not include the huge reputational damage caused by your business hitting the headlines for failing to protect one of its most vital assets, information.
Cyber attacks can come from anywhere, as the Barclays case shows, but social networks and highly sophisticated spear-phishing emails are increasingly being used.
If an attacker can gain the trust of their target, just for as long as it takes to click a link, then a huge amount of information, and money, is at stake.
For example, when Coca-Cola was in talks with China’s largest soft drinks manufacturer, China Huiyuan Juice Group, the Deputy-President of Coca-Cola’s Pacific Group, Paul Etchells, gave little thought to a link he clicked in an email which he had seemingly received from his company’s CEO.
Unfortunately for Coca-Cola, the email was malicious: it had not come from the CEO and the link was loaded with malware, which enabled the attackers to access emails and steal passwords to set themselves up as administrators on Coca-Cola’s network, and therefore become privvy to an awful lot of very sensitive information. Coca-Cola’s $2.4bn acquisition of China Huiyuan Juice Group quickly fell apart, and the attack was subsequently blamed on state-backed Chinese attackers.
Over ten years ago, the internationally-renowned security technologist Bruce Schneier said “only amateurs attack machines; professionals target people”. This has not changed in the last decade, and the attacks have become more sophisticated the more we share.
As individuals and businesses we put a lot of information out there: be careful with it.