Hackers 'are no longer winning', says KPMG cyber chief

Despite progress over the past two years, a wealth of threats still plague both the public and private sectors

Hacker in the shadows

Hackers are 'no longer winning the cyber crime war' following years of public and private investment and cross-industry collaboration, according to KPMG's global head of cyber futures David Ferbrache.

The nation's cyber resilience against hackers has improved over the past two years, with joint operations between law enforcement and the private sector frustrating opportunities for criminals to profit from cyber crime.

Speaking at a London technology forum on Thursday, Ferbrache said: "I'm not sure they quite are [winning the war], curiously... I would have given you a different answer two years ago."

"The takedown operations by law enforcement in conjunction with tech firms, telecoms, financial services are getting better, faster and more disruptive in terms of some of the things that the dark web sites use for trading information," he said.

He also said that active defence measures taken by the National Cyber Security Centre, that are being used to protect the wider population who cannot be expected to implement advanced cyber security protocols, are also very effective at keeping the bad guys at bay.

It's also becoming increasingly difficult to hack modern systems, something he observed during his time as red team exercise leader at the professional services firm, he explained.

"It's actually getting harder to break into well-configured systems than it used to be. I used to run the red team penetration testing for KPMG as well and our job was getting harder."

He added it's the systems that aren't well-configured that worry him the most, such as easily discoverable routers left with their default passwords unchanged.

Echoing the tone of the Westminster eForum discussion around the UK's cyber security capabilities, Fiona Boyd, head of cyber security operations at Fujitsu EMEIA, described the fight against hackers as "a constant war of attrition".

Boyd cited figures from the Student Loans Company, which in 2015 reported three cyber attacks on the business. A year later, that rose to 95, and in the fiscal year 17/18 that rose to 965,000.

Although Ferbrache said things are getting better, there was agreement on the panel that pervasive threats still threaten the cyber security of both the public and private sectors in the UK.

Smart malware

Jeremy Watson, professor of engineering systems at University College London (UCL), said that he was "excited" at the prospect of smarter, AI-powered cyber defence tools becoming available, but added AI-driven malware is already a threat.

"At UCL we've been looking at how AI can shape an attack system for industrial control systems and been able to show that it is possible to do that as well as to defend," said Watson. "So, if we can do that from an academic point of view then clearly people with malintent and the resources can do it in other ways."

Speakers added that 'secure by design' protocols should be implemented as soon as possible to help secure the growing internet of things (IoT) industry, which is set to explode as manufacturers capitalise on the demand for smarter devices.

This would include the creation of new business models to make securing IoT devices more attractive for manufacturers, according to Watson.

However, the panel warned that without legislation compelling manufacturers to bake security measures into the device as standard, it becomes a difficult task.

"If you look at the darker side of some security, it's like selling the absence of the negative - it isn't necessarily an easy sell," said Watson.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020
BlackRock banking Trojan targets Android apps
trojans

BlackRock banking Trojan targets Android apps

27 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020