In relation to the news that William Hague is talking about global cybercrime at a conference in Brussels where he will tell delegates that cybercrime is one of the greatest global and strategic challenges of our time and that the UK is determined to be viewed as the world leader in cyber security, with it recently spending £2 million setting up a cyber-crime centre, Darren Anstee, solutions architect team lead at Arbor Networks, has the following comments:
* The government seems to have awakened to the threat of cyber-crime but could you say the same for UK businesses?
In UK businesses the level of awareness of cyber threats is very mixed. Some organisations are well aware of what is going on out there, how they might be targeted, where their risks lie and what mitigation strategies are available to them – others aren’t. In general larger organisations, and especially those in markets which have been targeted before e.g. Banking / financial services, now look at cyber threats as a business risk and put strategies, solutions and services in place as needed. Organisations which have not done this are placing themselves at risk of significant impact should the worst happen, as in many cases we are now dependent on the Internet and other IT systems to offer our services, sell products, process transactions or access cloud based data and applications. The mainstream press coverage of cyber threats, and the speed at which they are evolving, is helping to educate the broader audience.
* Do you have any thoughts on the 24-hour helplines Hague mentions? Are these common? Or do you only get access with big purchases? Also, does the fact that there are hacker hotlines highlight exactly how big a business cyber-crime actually is?
As we all know botnets are now being run professionally, as money making businesses, this has been the case for a while. The commercial focus of these organisations has, to some extent, contributed to the ever increasing capabilities being engineered into the malware that is out there. Numerous DDoS ‘services’ now exist and can be hired for relatively small sums – as little as $40 per day and between $300-900 per month dependent on size of the botnet involved and its’ capabilities. Many of these services also offer 24 x 7 support, and some even offer a ‘free trial’ period so that their effectiveness against a target can be assessed before any payment is made. These services even advertise in some cases, as has been seen with Gwapo’s professional DDoS service and their YouTube videos. This commercialisation of DDoS has made this particular type of cyber threat accessible to virtually anyone, and we have now seen DDoS being used as a competitive weapon between relatively small, Internet based organisations.