GCHQ Director Iain Lobban today stated that sensitive government data, including defence, technology and engineering firms' designs, has been the target of a ‘disturbing’ number of cyber attacks. Foreign Secretary William Hague also revealed that intellectual property theft is constantly being attempted by cyber thieves – with efforts to steal British ideas and designs in the IT, technology, defence, engineering and energy sectors, amongst other industries “representing an attack on the UK's continued economic wellbeing."
Ross Brewer, vice president and managing director for international markets, LogRhythm, has made the following comments:
“While the government says it ranks cyber security as a top priority, it is worrying that Chatham House believes there is a reluctance to share information with private companies. Key services are increasingly outsourced to the private sector with large proportions of critical national infrastructure under private ownership. While international co-ordination on cyber crime is important, it is vital the government extends this approach to its private sector partners as the Advanced Persistent Threats (APTs) used by attackers to steal data specifically seek out the weak links in any system in order to penetrate networks.
“Chatham House has criticised these companies for accepting high levels of risk and repeated high profile incidents have shown that public sector organisations are no strangers to data breach. Securing critical national infrastructure, and the intellectual property that generates so much revenue for the UK economy, depends on a change in the way we view the cyber threat. Attacks are going to increase in volume and sophistication, and there will always be some that successfully penetrate systems. Traditional perimeter security solutions will always be a key part of security strategy but it is now far more important that organisations have systems in place that can detect anomalies as they occur so that they can be responded to immediately.
“The clues required to do this exist in the millions of pieces of log data that are generated by IT systems every day. All organisations now require systems to be in place that can both collect and analyse 100 percent of logs in real time – only this approach can provide the traceability needed to identify patterns in seemingly unrelated incidents. GCHQ already has its Good Practice Guide no.13 (GPG 13) in place that recommends this kind of ongoing Protective Monitoring to public sector bodies. The private sector would be well advised to take a look at the GPG 13 requirements to see how they could be integrated into their own data management and security strategies.”
Recent LogRhythm research* found that the UK public is increasingly dissatisfied with repeated data breaches befalling both public and private sector organisations. 80 percent of respondents stated that they have reservations trusting organisations to keep their data safe from hackers. 26 percent of respondents were adamant they would never have anything to do with organisations which had lost data as a result of cyber crime while 61 percent stated they would try to avoid interacting with these organisations if at all possible. Just 13 percent stated their attitude to a brand would be unaffected by a data loss incident.
* 2,000 respondents, conducted for LogRhythm by OnePoll, October 2011. An infographic showing the full survey results can be found here: http://www.logrhythm.com/Portals/0/resources/LogRhythm-infographic.pdf