The UK Government's Home Affairs Select Committee has warned that the authorities must do more to stop online fraud and deter state-sponsored cyber-espionage or risk losing the fight against e-crime.
Arbor Networks believes that it is right to do more as the advantages of the scale of IT to businesses provides the same advantages to those operating on the other side of the law.
Darren Anstee, Solutions Architect Global Team Lead for Arbor Networks. commented: “The frequency and complexity of cyber threats continues to escalate. However, although attacks themselves have become more complex - the technical know-how required to carry them out has in some cases fallen. Readily available botnets-for-hire, malware toolkits and other services which now exist to facilitate cyber-crime have made it much easier for criminals to exploit the opportunities the Internet provides. Looking purely at Distributed Denial of Service (DDoS) attacks, one type of cyber-threat, our research indicates that attacks are growing in size - average size is up 43% so far this year - and large attacks, capable of saturating the Internet connectivity of even large organisations, are becoming increasingly common. We have already tracked more than double the number of attacks over 20Gbps that we monitored in the whole of 2012.
“The Home Affairs Select Committee’s warnings should be heeded. The Internet has provided many businesses and our broader economy with significant growth opportunity - unfortunately criminals can also exploit this opportunity. Any organisation operating online in the UK is a potential target, and it was recently reported by the GCHQ that the UK faces at least 70 sophisticated cyber-attacks a month. To stay on top of this authorities in the UK must look to develop a cohesive strategy for dealing with cyber-crime.”
The groups behind cyber attacks are continually finding new and more inventive ways to attack businesses, according to Barracuda Networks, whose VP of product management in Europe and IT security pioneer Klaus Gheri said: “The growing threat of Internet crime is not specific to the UK. It is the same everywhere. Law agencies are ill equipped to protect against cyber warfare. Social media sites have become a regular hunting ground for cyber-espionage attacks and an easy way for cyber criminals to launch targeted attacks against businesses.
“The government has the biggest responsibility here. It needs to pass legislation for all businesses to have a prescribed minimal amount of cyber security. There should also be an obligation for businesses to report any hacks and data loss.
“In the meantime, businesses need to wake up and recognise that they are at risk of an attack. It is imperative that they set dedicated budget aside to address the organisation’s cyber security.
“The right technology such as Next Generation Firewalls (NG Firewalls) and Web Application Firewalls (WAFs) are there for businesses to control what enters their network and applications. This, combined with staff awareness training should be a no-brainer for all organisations.”
Adapt's response to the MP report on e-crime is to ask how UK companies can beat low level crime on their own. Much low-level internet based financial crime has been falling into a 'black hole' and not reported to the police. If fraudsters can get away with activity like this, how can UK companies act against them?
James Carnie, head of solutions architecture at Adapt explained: "With security concerns high on the agenda of any customer making transactions online or giving out personal information, the protection of this data has become a key part of every UK company's customer service offering. The report highlights something that these companies have been concerned about for some time: that customer data is potentially at risk from low level, unpenalised crimes. It's therefore up to the UK companies themselves to act fast and combat potential threats on their own. However, MSPs can help protect UK businesses from low-level crime, with access to high quality, highly secure, controlled and accredited data centres to host their data. This helps to prevent form the opportunistic low level crime where the data is physically stolen (server, disk, etc) or electronically stolen (USB stick). Turning to a service provider that has strong security credentials can significantly reduce risk, giving the company monitoring tools and a dedicated team of experts to monitor any new threats to customer data.”