Cyber attacks can take months to control even after detection

Alex Fidgen, Director at MWR InfoSecurity, made the comment following the publication of the Annual Report 2012-2013 from the Intelligence and Security Committee which indicated that cyber espionage had resulted in Ministry of Defence data being stolen.

Fidgen said: “Attacks targeting Government departments or industry suppliers can remain undetected and active for up to a year, so the problem becomes endemic. Furthermore, it can take months to control these attacks meaning that, during this time, huge amounts of information can be downloaded by the attacking party.”

“State sponsored activity is directly interested in the geo-political decisions being undertaken by governments and associated organisations.”

“However, this is part of the larger picture of increased cyber espionage activity by one state versus another. While the report focuses mostly on UK Government departments being targeted, this picture is being played out daily amongst commercial organisations”

Fidgen added: “A large number of organisations lack the understanding or, in the case of the Government, the capacity to deal with sophisticated attacks and their growing volume.”

“Complex networks involving suppliers and partners are a challenge to security and were not built to defend against the attacks that are now being witnessed on a weekly basis.”

He ended: “The sophistication of these attacks is such that each time more organisations are being targeted. Information is being taken from each and pieced together to provide the final goal for the attacker.”