BE WARNED – THE OLYMPICS ARE COMING!

We will soon be the target for major attacks.

David Hobson, MD of Global Secure Systems (GSS), talks about the forthcoming threats to head our way.

The Olympics is one of the largest global events staged by any individual country yet, unfortunately, the headlines often have little to do with the athletes’ performance on the field - The Munich massacre of 1972; the Atlanta bombing of 1996 and this year’s games haven’t even begun in Beijing yet they’ve been making headlines. And soon it will be our turn.

The recent issues and protests surrounding the torch on its journey through the streets of London, Paris and San Francisco have highlighted some very serious security issues we will face in the run up to, and during, 2012. Once the UK steps into the limelight, with the baton passed to London during the closing ceremony at this year’s event on the 24th August, the focus will be redirected and we will become the next major target of attacks driven by political and religious beliefs – believe it or not, not everyone in the world loves the UK and our culture. These attacks are more than likely to be both physical and digital and will, undoubtedly, be a magnificent smokescreen for organised crime to hide behind. The security community faces a tremendous challenge of educating organisations about the threats to their business.

At the end of 2007 the Times newspaper had a front page story disclosing details of an unprecedented warning issued by CPNI – Centre for Protection of National Infrastructure to major businesses in the UK accusing China of carrying out state-sponsored espionage against vital parts of Britain’s economy, including the computer systems of big banks and financial services firms. The Government alleges that British companies doing business in China are being targeted by Chinese State Organisations using the internet to steal confidential commercial information (a touch ironic with them hosting this years Olympics!). And we’re not alone, while I was in the USA, recently, it was publicly confirmed that the US Defence Department acknowledged that their systems have also been compromised by China and they have no idea to what extent and depth. So what are the threats to your organisation and why would the Government issue notices to anyone?

As the dependence on IT continues to grow, so does the realisation of how much sensitive or critical information is held within IT environments. As more and more sensitive data is digitised, and regulatory requirements become increasingly stringent, organisations face the challenge of securing and protecting their data against unauthorised access, tampering and loss. An enterprise's network is an inherently complex entity including a myriad of devices, platforms, applications and operating systems. Because of increased employee mobility and the growing number of end-user network-capable devices, tracking and controlling network access has become essential to maintaining data security in corporate networks. Organisations must balance access to these resources, whilst protecting valuable assets and ensuring customers' privacy. Failing to get the equilibrium right proves to be a costly business issue.

The sheer number of threats and intrusions to corporate IT systems has grown phenomenally in the past few years and today's security risks are complex. Threats to an organisation range from external threats to internal threats as well as passive threats. Networks and personal computers need to be protected from vandals (malicious mobile code, Trojans, worms, VB/JavaScript), viruses, data exposure and inappropriate content. To better deal with the rapidly evolving threats, organisations are moving towards combining proactive and reactive security measures both within the existing network and at the boundaries where the network may interface with external and unknown devices. Historically associated with protecting a network against attack from the Internet, firewalls are increasingly becoming more important for securing a network against internal threats.

So where to start? Even thinking about dealing with the number of security vulnerabilities that your organisation faces is enough to cause a migraine. Finding and prioritising the sheer volume of network's vulnerabilities, and then ensuring that they are fixed, is a nearly impossible task that can leave your organisation exposed. Implementing ongoing vulnerability management to discover and assess vulnerabilities, and to implement and maintain system configurations, will ensure secure environments saving time and money in the long run.

The threat to business is increasing as we rely upon the data within an organisation. The good news is that UK plc finally seems to be waking up to the threat to their business. The information we have suggests that, after many high profile data losses, boardrooms are finally giving security a bigger piece of their IT budget. Is this because no CEO wants to see himself or herself on the front page of the nationals, and have to explain to their shareholders how they lost all their customer data? Or is it because the threats are finally being given proper airtime?

Either way, one of the issues the security industry faces is that if it does its job well, it will never be able to prove that the money was well invested because incidents have been prevented before they happened! I had the good fortune to sit next to Richard Walton, former Director of Communications and Electronic Security Group, GCHQ at a couple of events recently. He rightly pointed out that had legislation been passed before 9/11, making it compulsory for airlines to fit locked armour doors to a plane cockpit, 9/11 would not have happened. Well, not in the form that it did. In my opinion the industry would have been up in arms over the extra expenditure calling it unnecessary. Perhaps in hindsight this is something that should have been done, after all there had been plenty of hijackings of aircraft before but hindsight is a wonderful thing.

We need Finance Directors to recognise the real benefits from an investment in security that is necessary not only for today but to protect us into the future. As a result of this outlay, when they see fewer breaches, that should be recognised as money well spent instead of down the drain. The threats will be growing, with UK plc becoming a major global target in the run up to 2012. There’s no time to be wasted as it’s pointless to secure the door after the horse has bolted.

London’s Olympics will definitely be reported on and subsequently be remembered in history, let’s just hope for all our sakes it’s for the right reasons.

www.gss.co.uk