Hackers 'are no longer winning', says KPMG cyber chief

Despite progress over the past two years, a wealth of threats still plague both the public and private sectors

Hacker in the shadows

Hackers are 'no longer winning the cyber crime war' following years of public and private investment and cross-industry collaboration, according to KPMG's global head of cyber futures David Ferbrache.

The nation's cyber resilience against hackers has improved over the past two years, with joint operations between law enforcement and the private sector frustrating opportunities for criminals to profit from cyber crime.

Speaking at a London technology forum on Thursday, Ferbrache said: "I'm not sure they quite are [winning the war], curiously... I would have given you a different answer two years ago."

"The takedown operations by law enforcement in conjunction with tech firms, telecoms, financial services are getting better, faster and more disruptive in terms of some of the things that the dark web sites use for trading information," he said.

He also said that active defence measures taken by the National Cyber Security Centre, that are being used to protect the wider population who cannot be expected to implement advanced cyber security protocols, are also very effective at keeping the bad guys at bay.

It's also becoming increasingly difficult to hack modern systems, something he observed during his time as red team exercise leader at the professional services firm, he explained.

"It's actually getting harder to break into well-configured systems than it used to be. I used to run the red team penetration testing for KPMG as well and our job was getting harder."

He added it's the systems that aren't well-configured that worry him the most, such as easily discoverable routers left with their default passwords unchanged.

Echoing the tone of the Westminster eForum discussion around the UK's cyber security capabilities, Fiona Boyd, head of cyber security operations at Fujitsu EMEIA, described the fight against hackers as "a constant war of attrition".

Boyd cited figures from the Student Loans Company, which in 2015 reported three cyber attacks on the business. A year later, that rose to 95, and in the fiscal year 17/18 that rose to 965,000.

Although Ferbrache said things are getting better, there was agreement on the panel that pervasive threats still threaten the cyber security of both the public and private sectors in the UK.

Smart malware

Jeremy Watson, professor of engineering systems at University College London (UCL), said that he was "excited" at the prospect of smarter, AI-powered cyber defence tools becoming available, but added AI-driven malware is already a threat.

"At UCL we've been looking at how AI can shape an attack system for industrial control systems and been able to show that it is possible to do that as well as to defend," said Watson. "So, if we can do that from an academic point of view then clearly people with malintent and the resources can do it in other ways."

Speakers added that 'secure by design' protocols should be implemented as soon as possible to help secure the growing internet of things (IoT) industry, which is set to explode as manufacturers capitalise on the demand for smarter devices.

This would include the creation of new business models to make securing IoT devices more attractive for manufacturers, according to Watson.

However, the panel warned that without legislation compelling manufacturers to bake security measures into the device as standard, it becomes a difficult task.

"If you look at the darker side of some security, it's like selling the absence of the negative - it isn't necessarily an easy sell," said Watson.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Roadmap 2021: What’s coming from 3CX
Advertisement Feature

Roadmap 2021: What’s coming from 3CX

30 Mar 2021