Cyber-Security Congress: politics driving cyber-security as much as business
Cybercrime

Cyber-Security Congress: politics driving cyber-security as much as business

The lines between cyber-criminals and state-sponsored attacks, monetary gain and political influence are becoming increasingly blurred, according to speakers at this year’s Cyber Security Congress in London. The event – convened under the Chatham House Rule – was often not so much about cyber-criminals, but the growing issue of politics and nations getting involved in cyber-based activates.

 

Politics vs business

One intelligence expert claimed that we have entered a new era, where politics, rather than business, was the driving force of many of these activities.

Russian 'fake news' efforts during the US elections were "much more extensive" than most know, similar campaigns are currently happening in France, and more will continue around Europe and further afield this year. But the motivations will not just be to influence elections or perceptions of leadership, but also make countries richer.

We’re told that while there are limits on how much money can be made from the likes of credit card fraud, the amounts that can be made from predicting stock market changes through manipulation are almost limitless.

“I don’t see a way that this won’t be a major force in the future.”

Another speaker said it was “very concerning” that governments around the world are “investing too much in cyber-offensive capabilities rather than defence.”

 

Emerging markets

Various policy makers and public sector workers from Europe and US were present, and concerns were raised around preventing cyber-crime in emerging markets. The lack of adequate laws, processes around digital evidence gathering, and enforcement of punishments means many countries – many within Africa were cited as examples – could become ‘safe-havens’ for cyber-criminals.

There was also concern around certain countries overlooking or actively employing cyber-criminals for state-sanctioned attacks, but there was confidence that international cyber-agreements – aka “Cyber-nonproliferation” treaties could be agreed upon because countries wouldn’t want to become the “cyber North Korea” and be frozen out of digital markets.

 

GDPR

Unsurprisingly, GDPR was hot topic. The EU’s incoming data privacy regulations were described as “clunky, but essential, and a long time coming.” Speakers advised to look beyond the fines, and use it not only as an opportunity to tighten processes, improve security and consistency on a worldwide level, but as a chance to give security a mandated leadership role within the company.

Companies that haven’t yet begun preparation should prioritise data mapping and ensuring everything they do from now on is embedded with a “privacy by design” approach.

 

Actual business

Outside of politics and regulations, there was some talk around business trends. Although experts IDG Connect has talked to in the past have said otherwise, the audience was told cyber-criminals are not using Machine Learning techniques to infiltrate, explore, and hide within target networks.

Another expert said that he expected ransomware to decline in popularity in 2017, but we would see a massive increase in email and business process compromise. In these attacks, attackers – whether for monetary gain, political motives, or even industrial sabotage – will infiltrate a network, learn how a company works (processes, habits, email styles between workers) and then strike on a weak point.

The Bangladesh Swift and Tesco Banking attacks were cited as examples of process hacks, as was a company whose printers were compromised to change payment details invoices but not on databases. Compromising business processes from start to finish usually takes around four months; around three months just monitoring, one for infiltration and planning, while the final execution happens in one day.

 

Also read:
Cyber Security Show: Security the new “keeping the lights on”
InfoSec 2016: GDPR hangs heavy over Europe

PREVIOUS ARTICLE

«AWS wants to lower the bar of entry for all companies wanting to do IoT

NEXT ARTICLE

Critical lack of skills could be the biggest security challenge »
author_image
Dan Swinhoe

Dan is Senior Staff Writer at IDG Connect. Writes about all manner of tech from driverless cars, AI, and Green IT to Cloudy stuff, security, and IoT. Dislikes autoplay ads/videos and garbage written about 'milliennials'.  

  • twt
  • twt
  • Mail

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Will Kotlin overtake Java as the most popular Android programming language in 2018?