A report from the Ponemon Institute published last week shows that major companies believe that they are already experiencing nation-sponsored cyber attacks, and they also believe that a cyber attack on the critical national infrastructure (CNI) is likely in the next two years. Coincidentally, on the day that the report was published, news broke about a sophisticated worm attack on the Iranian nuclear research establishments. The attacks on Google's operations in China at the beginning of 2010 have raised concerns in this area, and the new research indicates that it is not just a localized problem.
The general cyber security scene remains challenging
While cyber crime generally grows as a threat to companies and countries, the numbers do not show a linear progression. The criminal community is both highly organized and dominated by some big players. Numerically, credit card details and online banking credentials account for the overwhelming proportion of stolen data. Successes by law enforcement can therefore have a substantial, but short-term, effect on the picture. When the Rock Phish gang was taken down in November 2008 it cut worldwide spam and associated phishing and botnets by around 50 per cent, but after a few months a new gang was using an improved tool called Avalanche and had captured 65 per cent of the market. The 2009 imprisonment of Albert Gonzalez, who had been active in many major data breach incidents including TJ Maxx and Heartland Payment Systems, may have contributed to the reduced volume of data theft reported in 2010. Another equally credible explanation is that the data thieves stole so many credit card records in 2009 that the market price of the data fell by 95 per cent and the laws of supply and demand affected their strategy. It seems likely that the criminals have turned their attention to more lucrative and more targeted attacks on high-value data. Any change in targeting creates new challenges for cyber security professionals.
When do you discover that you have been hacked?
Data theft is about copying valuable information, rather than about stealing the only copy of the data. The owner of the data will not be aware that this has happened until either their cyber defense infrastructure raises an alarm or, much more frequently, someone notices the hacked data is in the wrong hands when, for example, a competitor develops a similar product in record time or a customer detects that their credit card has been misused. These factors mean that nation-sponsored data theft is not likely to be discovered quickly as nations play the long game, and the figures relating to all forms of data theft may be significantly in error.