Patrik Runald (Global) - Pointing Fingers: Who is to Blame for Cross-Border Cyber Attacks?

High profile attacks, such as Aurora, Stuxnet and Zeus leave us in no doubt that cross border cyber attacks are real and not just plots for action movies.  They also indicate a significant game change. Last month the Pentagon declared cyberspace is a new warfare domain. And even though that could be offensive or defensive, perhaps the best starting offense might be the best defense.

It’s important that governments and corporations alike protect their state and industry secrets more than ever before.  The fact is the U.S. and China are the top two countries hosting crimeware and receiving stolen data. But just because a server is in a particular country, does not mean the attacker is.

The bad guys will go where the money is - certain parts of the world become targets because they house companies with rich IPs; others because they have a high percentage of online consumers. China, the U.S., India and Japan currently have the highest percentage of internet users. China in particular has more internet users than the U.S. has citizens, so it’s a natural target for cybercriminals. However, regardless of country, if you have IP, you are going to be a target.


Rather than looking at things from a U.S. vs. China angle, a more accurate summary would be cybercriminals vs. companies. The wildly successful techniques used in state-sponsored attacks are moving down a malware adoption lifecycle. Yesterday’s million-dollar, well-planned, high-profile attack is quickly becoming a $25 exploit kit available online to armies of low-level hackers.

Last year 52% of data-stealing attacks were conducted over the web, and 2011 doesn’t look any safer. Particularly as more advanced hacking technology is reaching the global black market faster than ever before, and faster than traditional security can comprehend.  To stop targeted attacks and cross border advanced threats, organizations need new security strategies. Their content security needs to examine—in real time—the substance of each website and email. Traditional endpoint and network security products, while a good start, are no longer sufficient.

Co-operation between countries depends on history and outside political factors. For example, there is already international co-operation on spam rings. Each case will vary of course. It will depend on the nature of the attacks and the organizations affected. Outside of the political arena, I believe that international corporate collaboration is key. We have the benefit of being able to monitor and protect from threats 24/7 as we have Websense Security Labs teams in San Diego, EMEA and China.  For us, working with international teams is a huge strength.

By Patrik Runald, Senior Manager of security research, Websense


« Tony Mwai (Africa) - Smarter Computing Can Help Governments do More with Less


Mark Warburton (Global) - Bitcoin: a Virtual Currency for the Future? part 2 »

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies


Do you think your smartphone is making you a workaholic?