Cyber Terrorism - is it a Serious Threat to Commercial Organizations?
by David Love - Head of Security Strategy, EMEA for Computer Associates - Tuesday, 1 April 2003.
Cyber Terrorism is a hot topic in the popular press and on general Computer industry web sites. Unfortunately, the ‘hype’ surrounding the topic is actually doing a disservice to the application of sensible security defences in the commercial and industrial sectors. Not many years ago, the preferred method of selling IT Security was to exaggerate the threat and thus the risk to systems without the more professional rigour of making a business case for the application of security to the specific business requirement. Selling by ‘Fear’ never did work well. From the less sophisticated sectors of the industry, the same discredited method of selling Cyber terrorism protection is now in evidence. However, decision making in corporate protection is now moving from the IT Department to the Boardroom and, in general, Directors will not authorize expenditure on protection without the presence of a sound business proposal.

Similarly, there are several analyst companies who are forwarding ’evidence’ to the general IT industry of large scale intrusions, the explosion of cyber crime, cyber espionage and cyber terrorism without any real evidence to support their wilder prognostications. Unfortunately, the general current climate of fear is leading to an atmosphere where credibility is assigned to these unsubstantiated reports. From the particular analysts perspective, this wide scale reporting and subsequent television appearances serve only to increase their revenue from an industrial and commercial audience that is normally not so unusually gullible. There has never been a time when one should exercise more caution on unsubstantiated intelligence - reading it on the Web does not make it fact!

What is the problem then with the current statistics that show precise exponential rises in all aspects of cyber crime? It is because the components of the UK industry have no precise way of measuring the scale of attacks and, in the majority of cases, still no capability to determine that an attack has taken place that such reports have to be viewed with real scepticism. Using such statistics to extrapolate future trends in threat is intellectually unsustainable.

Until the formulation of the National High Tech Crime Unit (NHTCU) some three years ago, there was little police expertise in this area. However, the explosion in the use of the computer for all aspects of eBusiness has forced the UK Government to more proactive measures and the first real survey of cyber crime in the UK has now been conducted under the auspices of the NHTCU. The results announced at the Government Cyber Crime Conference in early December give a much better picture of the threats we face as a cyber trading nation. That some £38,000,000,000 of trade was conducted on the Internet in the UK in 2002 with some £18,500,000,000 in the financial sector alone gives us an indication of what has become a very tempting target for Cyber criminals and, moreover, an indication on the reliance we are now beginning to place on conducting our business and personal lives on the Internet. It is this very reliance on this medium of business that now makes an attractive target for the Cyber Terrorist.


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Nov 25th