3

A recent survey, conducted by IT risk management specialists nCircle, suggests that as many as 50% of IT security professionals think that the organisations they work for are a potential target for state-sponsored hackers. A number that Tim Keanini, nCircle Chief Research officer, thinks is rather on the low side in reality.

"The number of organizations that are potential targets for state-sponsored cyber attacks is probably much higher than 50%, because if attackers can’t break into a targeted organization, they will go after partners and suppliers" Keanini insists, adding "Frankly, I’m surprised that the level of paranoia among information security professionals isn’t higher."

Of course, to paraphrase a well known saying, just because you are a paranoid IT security professional doesn't mean that China isn't out to get you. Or, perhaps more accurately, just because the media says that China is the country most likely to be hacking your business doesn't mean that everyone else isn't also at it. The public perception of who is behind state-sponsored attacks is not only shaped by media reporting, but also mis-shaped if you ask me. Ask Keanini and he will say the same: "The reality is that nations that are really good at cyber attacks don’t make the news because they don’t get caught." Interestingly, when it comes to those IT security pros who were surveyed (more than 200 of them who attended the 2013 RSA Conference in San Francisco) some 48% go with China as being the best equipped for launching state-sponsored cyber attacks but 33% point the finger in the direction of the United States itself when it comes to advanced technical capability for such activity.

I'm not sure it really matters which direction state-sponsored hacking comes from, or where it is perceived to come from, or indeed if it is state-sponsored at all. Just look at the Worldwide Infrastructure Security Report from Arbor and you will see that quite clearly DDoS attacks are on the up: 76% of respondents experienced DDoS attacks towards their customers during the past year. Add to that the rise of hacktivism, with 33% reporting political and ideological disputes as the motivation behind those attacks, and it becomes clear that IT security professionals and the organisations they work for need to be focusing more on defense in depth and worrying less about apportioning blame.

As Dan Holden, Director of Arbor’s Security Engineering & Response Team, points out: "Global recognition for effective cyber security solutions in business is rising, but many still continue to bury their heads in the sand. The truth is that any business operating online - from the largest enterprise to an individual operator - can become a target for attack, because of who they are, what they sell or who they partner with. It’s extremely important that organisations of all size take best practice defensive steps to ensure they are adequately protected if, or more likely when, they become the target of an attack."

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

3
Contributors
3
Replies
38
Views
4 Years
Discussion Span
Last Post by LastMitch
0

Ask Keanini and he will say the same: "The reality is that nations that are really good at cyber attacks don’t make the news because they don’t get caught." Interestingly, when it comes to those IT security pros who were surveyed (more than 200 of them who attended the 2013 RSA Conference in San Francisco) some 48% go with China as being the best equipped for launching state-sponsored cyber attacks but 33% point the finger in the direction of the United States itself when it comes to advanced technical capability for such activity.

I agree. The main reason is because most of the IT hardware and software are still manufacturing in China. It's like a blue-print. It should be manufacturing here in the US. But that's not going to change anytime soon.

0

do you think it will change at all? :)

My opinion I don't know.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.