This week, Foreign Secretary William Hague revealed that “not an hour goes by when a system in the UK is not being attacked”, and not only do the hackers attempt to steal state or trade secrets, but also aim to disrupt infrastructure, communications and satellite systems.
Hague further commented that the daily attacks show evidence of being deliberate, organised attacks against government networks in the UK from ‘foreign actors’ which could undermine the UK’s security and economic competitiveness.
There is no shortage of examples of how cyber attacks can lead to loss of sensitive information and financial repercussions for government organisations. However, as the cyber threat becomes ever more frequent and sophisticated, the potential to compromise critical systems and cause real world damage grows – and notorious viruses such as Stuxnet and Flame have highlighted the cascading effect that an attack can have on other infrastructure sectors.
What’s more, as our world becomes increasingly connected – with the internet controlling most aspects of daily life from telephone systems, to traffic systems to cash machines and other infrastructure – vulnerabilities increase and urgent steps must be taken to ensure that security procedures are aligned.
It is unfortunate that most cyber security policies – whether government-led or within private enterprise – focus on catching and punishing cybercriminals as opposed to preventing computer crime. The scale and nature of today’s cyber threat as described by William Hague calls for continuous, protective monitoring of IT networks to ensure that even the smallest intrusion or anomaly can be detected before it becomes a bigger problem for all – after all, you can only defend against that which you can see.
In the meantime, traditional point security tools, such as anti-virus software and firewalls, continue on their downward spiral, repeatedly proving their various limitations. Furthermore, having centralised systems in place that can collect and analyse – but, most importantly of all, add context to data as and when it is generated – means that organisations can take advantage of the mass of data accrued. This consequently gives them invaluable intelligence offered by Big Data security analytics.
The other issue to consider is that – even once a cyber breach has been remediated and any potential damage minimised – there often remains an enormous amount of uncertainty surrounding the origins of the attack. Without confirmation of the source of attacks, inaccurate finger-pointing can and often does occur – and when this happens between nation states, already-tense diplomatic conflicts can be inflamed.
As such, further forensic analysis of the breach is often required, which traditional point security solutions do not provide. A holistic IT security strategy focusing on the continuous monitoring of IT networks provides the network visibility required to piece together seemingly isolated events, giving organisations the intelligent insight needed for deep forensic analysis. Only with this deep level of network visibility can cyber attacks be mitigated and accurately attributed to the correct perpetrators.