In-depth

Talking to the spooks about cyber security

Inside the enterprise: Government agency GCHQ is the latest to lend its weight to a cyber security campaign.

Spooks!

The dangers to businesses of a cyber attack are all too real. Cybercrime is no longer just about teenage hacking, but a well-organised activity focused on financial gain.

For a large quoted company, the damage caused by an advanced attack can cost more than 100m, and wipe 12 per cent of its stock market value, according to figures from management consultants PA Consulting Group.

Advertisement - Article continues below

A separate study by Norton, a division of security software company Symantec, puts the worldwide cost of cybercrime at US$110bn (70bn), if malware and phishing attacks are taken into account.

Against this backdrop, governments worldwide are scrambling to boost their cybercrime and cyber attack defences.

In the UK, the 2010 Strategic Defence Review increased resources for fighting cyber warfare, and defending against cyber attacks is now considered as important as military programmes.

But governments are also starting to look more deeply at how cyber attacks and cybercrime can affect business. Protecting government and military assets is no longer enough. Critical national infrastructure such as power grids and transportation are in private hands. And attacks that create disruption to a large company, are bound to disrupt the wider economy.

So this week, the Department of Business, Innovation and Skills teamed up with the Government's electronic intelligence agency, GCHQ, to provide new guidance to business about defending themselves from cyber attacks.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

National cyber security agencies, or CERTS, have issued guidance to businesses before. But GCHQ, through its information security arm CESG, is specifically targeting senior executives and boards.

The new advice will help companies identify their critical information assets and to understand the risks they face, at both a technical and financial level.

The agency will also issue an "Executive Companion" that will look at risk management and corporate governance, and a third briefing, covering 10 critical areas of cyber protection and prevention and deterrence of attacks.

The Government hopes the guidance will convince boards to take cybercrime and cyber threats more seriously, and will improve co-operation, both between Government and business, and between businesses themselves.

This makes sense, because when it comes to critical national infrastructure and economic assets, businesses and the public sector are interlinked: an attack on one sector is increasingly likely to damage the others.

Whether guidance from GCHQ or even a prospect of a friendly chat over tea and biscuits with the spooks will be enough to convince boards to act remains an open question. IT departments have been warning about the cyber attack risk for years, but not all boards take the threat seriously.

Advertisement - Article continues below

"The scale of the risk deserves to be managed at board level within companies, yet typically it isn't - or not at least until after a major attack has been discovered, when the cost of resolving the problem becomes much greater than it would have been had adequate protection measures been in place," warned Ed Savage, a security expert at PA Consulting.

"Taking proactive action is a better strategy than battening down the hatches and hoping to avoid it." But that, of course, means spending money.

Stephen Pritchard is a contributing editor at IT Pro

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/ethical-hacking/355860/developer-scores-100000-bounty-from-apple-for-exposing-a-critical
ethical hacking

Developer scores $100,000 bounty from Apple for exposing a critical vulnerability

1 Jun 2020
Visit/security/hacking/355854/hackers-wreaking-havoc-on-googles-cloud-infrastructure
hacking

Hackers are wreaking havoc on Google’s Cloud infrastructure

1 Jun 2020
Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/security/phishing/355810/zloader-malware-returns-as-a-coronavirus-phishing-scam
phishing

ZLoader malware returns as a coronavirus phishing scam

27 May 2020

Most Popular

Visit/server-storage/network-attached-storage-nas/355849/western-digital-sneaked-inferior-smr-tech-into
network attached storage (NAS)

Western Digital accused of sneaking inferior SMR tech into NAS drives

1 Jun 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020