In-depth

Talking to the spooks about cyber security

Inside the enterprise: Government agency GCHQ is the latest to lend its weight to a cyber security campaign.

Spooks!

The dangers to businesses of a cyber attack are all too real. Cybercrime is no longer just about teenage hacking, but a well-organised activity focused on financial gain.

For a large quoted company, the damage caused by an advanced attack can cost more than 100m, and wipe 12 per cent of its stock market value, according to figures from management consultants PA Consulting Group.

A separate study by Norton, a division of security software company Symantec, puts the worldwide cost of cybercrime at US$110bn (70bn), if malware and phishing attacks are taken into account.

Against this backdrop, governments worldwide are scrambling to boost their cybercrime and cyber attack defences.

In the UK, the 2010 Strategic Defence Review increased resources for fighting cyber warfare, and defending against cyber attacks is now considered as important as military programmes.

But governments are also starting to look more deeply at how cyber attacks and cybercrime can affect business. Protecting government and military assets is no longer enough. Critical national infrastructure such as power grids and transportation are in private hands. And attacks that create disruption to a large company, are bound to disrupt the wider economy.

So this week, the Department of Business, Innovation and Skills teamed up with the Government's electronic intelligence agency, GCHQ, to provide new guidance to business about defending themselves from cyber attacks.

National cyber security agencies, or CERTS, have issued guidance to businesses before. But GCHQ, through its information security arm CESG, is specifically targeting senior executives and boards.

The new advice will help companies identify their critical information assets and to understand the risks they face, at both a technical and financial level.

The agency will also issue an "Executive Companion" that will look at risk management and corporate governance, and a third briefing, covering 10 critical areas of cyber protection and prevention and deterrence of attacks.

The Government hopes the guidance will convince boards to take cybercrime and cyber threats more seriously, and will improve co-operation, both between Government and business, and between businesses themselves.

This makes sense, because when it comes to critical national infrastructure and economic assets, businesses and the public sector are interlinked: an attack on one sector is increasingly likely to damage the others.

Whether guidance from GCHQ or even a prospect of a friendly chat over tea and biscuits with the spooks will be enough to convince boards to act remains an open question. IT departments have been warning about the cyber attack risk for years, but not all boards take the threat seriously.

"The scale of the risk deserves to be managed at board level within companies, yet typically it isn't - or not at least until after a major attack has been discovered, when the cost of resolving the problem becomes much greater than it would have been had adequate protection measures been in place," warned Ed Savage, a security expert at PA Consulting.

"Taking proactive action is a better strategy than battening down the hatches and hoping to avoid it." But that, of course, means spending money.

Stephen Pritchard is a contributing editor at IT Pro

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Marsh McLennan reveals its cyber risk analytics center
risk management

Marsh McLennan reveals its cyber risk analytics center

15 Oct 2021
Justice Department unveils civil cyber fraud initiative to battle online crime
cyber attacks

Justice Department unveils civil cyber fraud initiative to battle online crime

7 Oct 2021
Senator to introduce new bill to force ransomware payment disclosures
ransomware

Senator to introduce new bill to force ransomware payment disclosures

6 Oct 2021
The best defence against ransomware
Whitepaper

The best defence against ransomware

1 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021