Hackers 'are no longer winning', says KPMG cyber chief

Despite progress over the past two years, a wealth of threats still plague both the public and private sectors

Hacker in the shadows

Hackers are 'no longer winning the cyber crime war' following years of public and private investment and cross-industry collaboration, according to KPMG's global head of cyber futures David Ferbrache.

The nation's cyber resilience against hackers has improved over the past two years, with joint operations between law enforcement and the private sector frustrating opportunities for criminals to profit from cyber crime.

Speaking at a London technology forum on Thursday, Ferbrache said: "I'm not sure they quite are [winning the war], curiously... I would have given you a different answer two years ago."

"The takedown operations by law enforcement in conjunction with tech firms, telecoms, financial services are getting better, faster and more disruptive in terms of some of the things that the dark web sites use for trading information," he said.

He also said that active defence measures taken by the National Cyber Security Centre, that are being used to protect the wider population who cannot be expected to implement advanced cyber security protocols, are also very effective at keeping the bad guys at bay.

It's also becoming increasingly difficult to hack modern systems, something he observed during his time as red team exercise leader at the professional services firm, he explained.

"It's actually getting harder to break into well-configured systems than it used to be. I used to run the red team penetration testing for KPMG as well and our job was getting harder."

He added it's the systems that aren't well-configured that worry him the most, such as easily discoverable routers left with their default passwords unchanged.

Echoing the tone of the Westminster eForum discussion around the UK's cyber security capabilities, Fiona Boyd, head of cyber security operations at Fujitsu EMEIA, described the fight against hackers as "a constant war of attrition".

Boyd cited figures from the Student Loans Company, which in 2015 reported three cyber attacks on the business. A year later, that rose to 95, and in the fiscal year 17/18 that rose to 965,000.

Although Ferbrache said things are getting better, there was agreement on the panel that pervasive threats still threaten the cyber security of both the public and private sectors in the UK.

Smart malware

Jeremy Watson, professor of engineering systems at University College London (UCL), said that he was "excited" at the prospect of smarter, AI-powered cyber defence tools becoming available, but added AI-driven malware is already a threat.

"At UCL we've been looking at how AI can shape an attack system for industrial control systems and been able to show that it is possible to do that as well as to defend," said Watson. "So, if we can do that from an academic point of view then clearly people with malintent and the resources can do it in other ways."

Speakers added that 'secure by design' protocols should be implemented as soon as possible to help secure the growing internet of things (IoT) industry, which is set to explode as manufacturers capitalise on the demand for smarter devices.

This would include the creation of new business models to make securing IoT devices more attractive for manufacturers, according to Watson.

However, the panel warned that without legislation compelling manufacturers to bake security measures into the device as standard, it becomes a difficult task.

"If you look at the darker side of some security, it's like selling the absence of the negative - it isn't necessarily an easy sell," said Watson.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Google fixes zero-day flaw in Chrome and Chrome OS
bugs

Google fixes zero-day flaw in Chrome and Chrome OS

23 Oct 2020
Microsoft spearheads industry-wide charter against AI cyber attacks
Security

Microsoft spearheads industry-wide charter against AI cyber attacks

23 Oct 2020
Weekly threat roundup: Chrome, Citrix and WordPress
Security

Weekly threat roundup: Chrome, Citrix and WordPress

23 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020

Most Popular

Why you should prioritise privileged access management
Sponsored

Why you should prioritise privileged access management

9 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020