Infosec 2015: Power, money and propaganda are main aims of cyberattacks, says GCHQ chief
Spook avoids talk of Snooper’s Charter
GCHQ's cyber security chief warned that the nation's businesses are at risk of being attacked by criminals and terrorists whose main motivations are money, power and propaganda.
Giving a keynote speech at the Infosec conference held in London this week, the intelligence agency's Director General for Cyber Security, Ciaran Martin, said that organisations should take their lead from GCHQ and render them as "irrelevant as possible".
He said that in the last 10 years, the security industry has moved from talking about "what might happen" to what is now happening on a daily basis". He told delegates that it had fallen to the agency to be the UK's "top scarer". He explained that the three main motives in cyber-attacks were money, power and propaganda - particularly as intellectual property and corporate reputation gain increasing importance to organisations.
"We're genuinely surprised at the variety of UK organisations that can been subject to intrusion," he said. He urged firms to think about what would make them "attractive as a target" to criminals as a good way of approaching IT security.
Martin said that organisations faced too many incidents to be concerned about "stopping attacks everywhere" and now the main aim in IT security was to protect "what you care about most".
But the UK market, despite increased awareness of attacks, displayed a "relative immaturity of norms and practices", even in supposedly secure institutions, said Martin. He hoped that new GCHQ standards would prevent the sorts of attacks that wiped bank drives in Asia and affected a Saudi Arabian oil firm in 2012.
Martin distanced his agency from the controversial allegations that it conducted mass surveillance of British citizens and said that GCHQ's powers were "strictly circumscribed" and "needed clear justifications as laid down by parliament".
When questioned on the upcoming Investigatory Powers Bill, or 'Snooper's Charter', that the government plans to enact, Martin refused to give an answer but added that the agency's roles only worked "because we have an intelligence capability".
"If we want to protect the UK from the darkest reaches of cyberspace, we have to know how it all works."
Defeating ransomware with unified security from WatchGuard
How SMBs can defend against the onslaught of ransomware attacksFree download
The IT expert’s guide to AI and content management
How artificial intelligence and machine learning could be critical to your businessFree download
The path to CX excellence
Four stages to thrive in the experience economyFree download
Becoming an experience-based business
Your blueprint for a strong digital foundationFree download