Cybersecurity has been one of the top buzzwords for 2011 as commercial organisations increasingly found themselves up against advanced, persistent attacks of the order previously seen only by military organisations.
Information security has moved up the agendas of most corporates and other businesses, but government too is placing increasing emphasis on the topic, backing national cybersecurity efforts with dedicated budgets.
Here are ten articles that illustrate some of the key challenges around information security facing governments, business and individuals.
The new UK cybersecurity strategy is a big step forward, but we will need many more, according to John Reid, former minister and chairman of the Institute of Security and Resilience Studies.
“The strategy contains the beginnings of a grand strategy to orchestrate all levers of power to achieve a common objective,” he told attendees of the Govnet Cyber Security 2011 conference in London.
The strategy, finally published on 25 November, focuses on better resourcing for computer crime authorities, improving communication between government and the private sector, and investing in national defences and critical infrastructure against cybercriminal attack.
Hacking by foreign governments and businesses costs the UK economy billions of pounds, according to the head of the British military's cybersecurity programme.The biggest cyber threat to the UK is economic, not military, according to Jonathan Shaw.
RSA Conference Europe 2011 has provided a useful working definition of the term advanced persistent threats, or APTs, as military-grade cyber attacks on commercial entities. In the face of APTs, businesses need a new defence doctrine, which is under discussion by an increasing number of corporate chief information security officers, says RSA.
Information security is becoming an increasingly important part of any business as the value of information assets continually grows, as do the threats from cyber crime and espionage. But in many businesses, information security is still not well integrated with the rest of the business, consequently either inhibiting the business or exposing it to high levels of risk. Security intelligence is the key, according to a panel of infosecurity professionals.
There has been much speculation around the identity and motive of the hacker who was able to breach DigiNotar and issue fraudulent digital certificates for hundreds of websites, but putting such speculation aside, what is the broader significance of the incident?
Business and public sector organisations lack understanding of the nature and gravity of cyber threats and the UK government lacks vision and leadership in dealing with cyber attacks, according to a report by Chatham House.
Widespread confusion over the scale and nature of cyber criminality is undermining efforts to tackle the problem, the think-tank warned in the report.
On World IPv6 Day in June, around 200 organisations offered content over IPv6 for a 24-hour trial to ensure a smooth transition as IPv4 addresses run out. But that is still some time away. Of more immediate concern, and the reason why IPv6 Day really matters, is to highlight the security holes that are already opening up.
The hacking of Sony's PlayStation Network and Online Entertainment service in 2011 potentially exposed more than 100 million users to fraud in one of the biggest data breaches to date.
The Sony breaches followed several similar data breaches by online service suppliers such as Play.com and Lush, so what effect are they likely have on the online services industry?
Businesses usually attain adequate levels of IT defences at the point that it becomes more cost-effective for cyber criminals to target someone else. But a problem arises when organisations fail to recognise that they are being targeted by advanced persistent threats (APTs) which are designed to get around most defences.