A game of cyber tug o’ war
We are in imminent danger of a possible state-sponsored cyber-attack. The threat is real and the UK and US armies of desktop warriors is working with top sectors at risk to prepare for such events.
At a briefing at the London Stock Exchange, Sir David Omand, former director of GCHQ, said that if sanctions against Russia were to continue and become more severe then we should expect future attacks on the City.
He noted that there could already be some Trojans in place – from any number of groups from any number of countries – sitting dormant ready to cause some cyber damage when the time is right.
There is a high potential for offensive state-sponsored cyber operations against financial institutions right now and the sector needs to be prepared to deal with not only the prevention but also the aftermath of such breaches.
Reports have suggested that a well-known Russian state sponsored group called APT28 could be preparing for attacks against banks internationally.
Omand pointed out that while there is a need for military intervention, in some cases companies should be able to be responsible for cyber security themselves.
Having said that, he noted that only a quarter of UK CEOs have said that they are confident that their companies could handle a serious cyberattack. Which isn’t ideal.
Here’s a quick breakdown of the current stats on the frequency of cyber-attacks (yes you will be surprised):
- 43% of US companies have experience a cyber-breach
- 81% of large UK organisations have had the same experience
- 60% of small UK companies have been attacked
- The average cost of a cyber-attack to a US company is around $20 million
- UK breaches are thought to have a lower cost impact, for now.
It is quite a feat to be able to stay one step ahead of hackers and cyber criminals. Especially as a quick trip into the dark (or deep) web can provide all the tools that you need to cause some serious damage.
So who is fighting these cyber wars?
While the UK has 77th Brigade, the US DoD is still in the midst of putting together a Cyber mission force which should be completed by the end of the 2016 fiscal year.
The mission force will consist of 6,200 personnel who will be tasked with defending critical cyber infrastructure and the DoD’s own networks. This force will be ready for operations at the end of the 2016 fiscal year.
Also speaking at the London Stock Exchange, Adm Michael Rogers, commander of US Cyber Command, said that the US has identified 16 sectors which, if affected by a cyber-breach, would have a significant effect on national security. The financial sector being one of the top ones in that 16.
The admiral added that companies should assume that they will be penetrated at some point. It’s a case of when not if.
As much as the military is able to assist in protecting against such attacks, companies and institutions need to be ready to deal with the aftermath of these events too.