If we are to believe the popular media's take on the world of cyber attacks, you would be forgiven for thinking two things: first, that it's an issue that only affects multinationals, major household brands or nation states; and second, that these attacks are mostly carried out by young teenagers intent on defacing or bringing down popular websites, either for their own political agendas or simply for their own amusement. But is this all there is to it, and where does that leave the smaller players - the SMEs, the self-employed or even the home internet users?
To start at the top of the tree, it is certainly true that many of the widely reported cyber attacks on major businesses and well-known websites originate from so-called DDoS attacks, where the perpetrators, who include young hacktivist groups, are able to take over a huge number of computers and use them to attack a particular site. Whilst obviously harmful from a commercial reputation point of view, for large corporations or even governments hit by such an attack the problem can be overcome in a matter of days, if not hours, and generally without the loss of important data. The long-term implications are limited.
More of a concern for those on the front line are the less reported but more sophisticated examples of cyber espionage, increasingly committed through what are known as APT (Advanced Persistent Threat) attacks. These usually involve some form of sneaky social engineering, such as a seemingly harmless email or USB stick. When these are opened or inserted into a PC or laptop, they release nasty pieces of code that head straight for vulnerable computer programs on the IT system, taking control of them or siphoning off valuable data to be sold online.
Concerns over this type of attack are rising, a trend borne out by surveys of those on the front line. Earlier in the year we at (ISC)2 surveyed over 12,000 information security professionals from around the world. When asked for their most pressing security concern, the top answer was weaknesses in these internal software programs. Many underpin national infrastructure such as water and electricity supplies; others hold companies' financial records, customer details and intellectual property.
Further gaps in the media's coverage of the cyber threat open up as you look at the impact on the smaller players, the SMEs or even the self-employed. Many at this level believe they are too small to be at risk, but just by being on the internet you make yourself a target. The smaller guys still have intellectual property, sensitive customer data or commercial intelligence of interest to cyber criminals, and often lack the necessary security expertise to protect it. As a result, reports from Symantec last year found that more than 36% of all attacks in the first half of last year were directed at SMEs, whilst the rate of targeted attacks on big businesses has started to fall.
As government attempts to grow a healthy digital economy based on support for new ideas and start-ups, this obviously presents a problem. The impact on individual businesses at this level is huge, and a single breach could put them out of business altogether.
The threats also feed down into our homes, where families, like SMEs, have very little time and resource to address these vulnerabilities and keep their most valuable data safe.
So what can we do? Ironically, protecting ourselves against cyber attacks is not as difficult as it might seem, and there are a number of simple things that SMEs and individuals can do. Probably the single most important thing is to take regular backups of data, which can then be used should the worst happen and the system be lost or corrupted. Whilst there is a plethora of new security technology on the market, even freely available anti-virus makes a huge difference to the security of your data. However, as we have seen from the APT attacks mentioned above, technology can only get you so far. Good practice online, such as solid, regularly changed passwords, is vital. A good source of information is the Get Safe Online website; the organisation was set up with the specific aim of protecting individuals and small businesses from these types of attack.
Whilst yet to make the big headlines, the full picture of online crime represents a fundamental challenge to all businesses, governments and our daily lives. In the all-encompassing digital age, information security as a profession and as a way of life is vital to ensuring both our economic prosperity and our sense of safety, privacy and freedom.