Monday, 19 March 2012

Cyber Security Important to the UK

I attended "The Future of Cyber Security 2012" conference http://bit.ly/woU3Ed in London today, the range of topics was wide ranging from protecting mobiles, to the cyber economy, implementation of cyber security as well as the future of cyber security. When I got home there was interesting coincidence in that I found the BBC web site had an article on that UK is the ‘most internet-based major economy’ http://bbc.in/FPSugF based on a report by researchers at the Boston Consulting Group (BCG). The report claimed the "internet economy" was worth £121bn in 2010, more than £2,000 per person in the UK, they predict it will continue to expand at a rate of 11% per year for the next four years, reaching a total value of £221bn by 2016. The figures justify that cybercrime is big business, the money is in the internet and it is perceived as being easy to commit with a low chance of being caught and if you are the sentencing is lower than for a physical robbery, with highly skilled cybercriminals developing and distributing automated click and attack tools even the most basic IT literate person can go online and commit cybercrime.

As I said there were a good range of talks at the conference from all sectors of public, private and academic bodies, each talk complemented each other which the conference even better from an attendees point of view.

Cyber security is important to the UK as a substantial amount of business is conducted on the Internet as shown in the BCG report, but important to all countries. Stefan Tanase from Kaspersky alluded to the cybercrime economy maturing with organised crime planning exit strategies to escape from the illegal activities before they are caught. This very much like the organised crime expanding from criminal activities into legimate activities, the koobface gang has invested in nightclubs and other other ventures, although they have not been caught, due to being exposed they have stopped their activities. Although the risk of being caught is low, the longer they go on, the more likelihood of been caught. With cyber-criminal gangs stopping after a couple of years the investigation of cybercrime need to speed up.

Charlie McMurdie, head of PCeU gave facts and figures on the performance of the PCeU, it was given a £30million budget and told to target £504million of cybercrime, it has exceeded this in the first year of operation. This gives the indication of the scale of the crime although it is difficult to come up with a series of metrics that can be used to judge performance of security plans. If 100,000 credit card details are recovered and the potential for fraud is about £2k, it is not a simple case of multiplying out the factors as some of the credit card details would of already been cancelled and the actual value can be considerable less. However the police are making inroads into targetting the more important players rather than the foot soldiers of the gangs, taking the example of hactivism with the activities of Anonymous, the several hundred thousand of people who download the tools and took part either directly or be handing remote control of their PC over to Anonymous although identifiable and could be arrested to get some high figures of arrest it is those who developed and controlled the tools that are being targeted. AN interesting fact is that the majority of people in the UK who download the tools did on their work PC's a fact that should make public and private sector organisations sit up and reflect on the implications to their security policies.

If you were involved in cyber security in the 1990's you would of seen Malware development move from a couple of new virus per day through to the current 9 new variants per second being detected by Secunia as told by Stefan Frei. Additionally it has moved from some of the Malware being annoying but not dangerous with the screen being flipped upside down to virtual all Malware today aimed at making money with passwords and identity credentials being targeted as reported by Jeremy Spencer from Orange, if they can’t steal money from your machine, your machine becomes a resource they can sell as part of a botnet.

There were discussions on where criminal activity will be heading in the future as cyber security needs to keep up with and developing counter techniques to ensure the security of devices, protecting intellectual property as well as identity and money

A good portion of the talk was about protecting mobile devices and the trend of BYOD within organisations. Orange used the conference to launch their new product "Secure Mobility" which is combining the Orange VPN service with Mobile Iron's solution to form an end to end security platform with remote management of corporate activities. I won't go into this in detail as I'm sure Orange will be pushing the details out to corporate users.

No comments:

Post a Comment