In-depth

Talking to the spooks about cyber security

Inside the enterprise: Government agency GCHQ is the latest to lend its weight to a cyber security campaign.

Spooks!

The dangers to businesses of a cyber attack are all too real. Cybercrime is no longer just about teenage hacking, but a well-organised activity focused on financial gain.

For a large quoted company, the damage caused by an advanced attack can cost more than 100m, and wipe 12 per cent of its stock market value, according to figures from management consultants PA Consulting Group.

A separate study by Norton, a division of security software company Symantec, puts the worldwide cost of cybercrime at US$110bn (70bn), if malware and phishing attacks are taken into account.

Against this backdrop, governments worldwide are scrambling to boost their cybercrime and cyber attack defences.

In the UK, the 2010 Strategic Defence Review increased resources for fighting cyber warfare, and defending against cyber attacks is now considered as important as military programmes.

But governments are also starting to look more deeply at how cyber attacks and cybercrime can affect business. Protecting government and military assets is no longer enough. Critical national infrastructure such as power grids and transportation are in private hands. And attacks that create disruption to a large company, are bound to disrupt the wider economy.

So this week, the Department of Business, Innovation and Skills teamed up with the Government's electronic intelligence agency, GCHQ, to provide new guidance to business about defending themselves from cyber attacks.

National cyber security agencies, or CERTS, have issued guidance to businesses before. But GCHQ, through its information security arm CESG, is specifically targeting senior executives and boards.

The new advice will help companies identify their critical information assets and to understand the risks they face, at both a technical and financial level.

The agency will also issue an "Executive Companion" that will look at risk management and corporate governance, and a third briefing, covering 10 critical areas of cyber protection and prevention and deterrence of attacks.

The Government hopes the guidance will convince boards to take cybercrime and cyber threats more seriously, and will improve co-operation, both between Government and business, and between businesses themselves.

This makes sense, because when it comes to critical national infrastructure and economic assets, businesses and the public sector are interlinked: an attack on one sector is increasingly likely to damage the others.

Whether guidance from GCHQ or even a prospect of a friendly chat over tea and biscuits with the spooks will be enough to convince boards to act remains an open question. IT departments have been warning about the cyber attack risk for years, but not all boards take the threat seriously.

"The scale of the risk deserves to be managed at board level within companies, yet typically it isn't - or not at least until after a major attack has been discovered, when the cost of resolving the problem becomes much greater than it would have been had adequate protection measures been in place," warned Ed Savage, a security expert at PA Consulting.

"Taking proactive action is a better strategy than battening down the hatches and hoping to avoid it." But that, of course, means spending money.

Stephen Pritchard is a contributing editor at IT Pro

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

What is e-safety?
e safety

What is e-safety?

27 Jan 2021
Your essential guide to internet security
Security

Your essential guide to internet security

27 Jan 2021
Mimecast links breach to SolarWinds hackers
Security

Mimecast links breach to SolarWinds hackers

27 Jan 2021
TikTok vulnerability exposed private user data
data protection

TikTok vulnerability exposed private user data

26 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
Hackers are actively exploiting three Apple iOS flaws
exploits

Hackers are actively exploiting three Apple iOS flaws

27 Jan 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

26 Jan 2021