UK CYBER EXTORTION
2005-09-22
UK businesses are continuing to lose billions of pounds each year through an insufficient focus on safeguarding systems from attack by hackers and hi-tech extortionists.
This was the opinion of experts from the National Hi-Tech Crime Unit (NHTCU), Yankee Group and Blue Square who gathered together to raise awareness of the issue amongst industry representatives in a dedicated seminar organised this month by network services provider, PacketExchange.
In particular, the session considered the nature of Distributed Denial of Service attacks (DDoS) which are affecting many online businesses. Recent examples include various industry sectors including betting, gaming, travel and government. Disrupted services results in loss of customers and brands are irreversibly damaged in a matter of hours. Given that this form of crime cost companies an estimated £2.4bn in 2004* and many more are not disclosed, it is clear that firms who do business online are falling victim, but simply cannot afford the effects of this type of crime.
PacketExchange CEO, Kieron O‘Brien highlighted the level of exposure that firms currently face given the congested nature of the public internet and the way in which information (transit) is moved around the globe and controlled by internet service providers at different tiers in the internet community. He strongly made a case for improved understanding of the potential threats (including those affecting upstream suppliers) and by way of solution, proposed increased use of private networks which operate outside the public internet. Such networks avoid congestion providing fast, secure and reliable online business and transactions to all users. This is appropriate given the weaknesses of the internet as we know it which herald from its origins as a tool for academic institutions to share data. He commented:
“The true extent of the damage inflicted by DDoS is unclear due to the fact that many businesses are loathed to admit that they have been a victim of cyber extortion and therefore may be vulnerable to future attacks. If network access or systems are critical to the business, then DDoS counter-measures should be part of the business continuity planning and a realistic budget security set.
O‘Brien continued:
“There is also a need to plan for worst-case scenarios and ensure that a multitude of measures have been taken to reduce and minimise the chances of an attack and the ability to cope with one if it occurs. Bandwidth suppliers have a central role to play in advising of the best mix of solutions that will prevent and reduce the impact of an attack.”
In conclusion, the presenters agreed on the need to balance confidentiality with greater co-operation between organisations to tackling the issue of cyber extortion head on.
*Data from the National Hi-Tech Crime Unit
For further information, please contact:
John Gisborne, Splash Communications
Tel: +44 (0)1225 348008
