The Lord Mayor of London, David Brewer, last week issued a wake-up call to financial institutions to take a global lead in combating cybercrime.
“Cybercrime is more lucrative and less risky than drugs,” he said. “There is no better place to start than in London,” he continued, highlighting the City’s capability of taking over all of New York’s trading on 9/11 in just half an hour.
“We are already seeing evidence of failure to grasp the nettle,” he warned a select meeting of leading City influencers in London last week.
He warned that while the internet is key to the future success of the City and the global financial marketplace, it is spoken of as if it were regulated, structured and planned, which it is not.
The baseline for the internet is threefold, he said: security, stability and availability.
Faced with major new cybersecurity threats, companies need to adopt a new approach, said Mark Reece, trading systems architect at the London Stock Exchange, speaking at the same event.
“Security is not just a technology arms race any more – well-established business models are driving criminal activity. Security defences should account for the business model of the attack.”
The landscape of cyber attacks has changed, he said. “Whereas five to 10 years ago attacks were by individual experts, today they are based on a business model by criminal gangs for profit.”
“Particularly scary are zero day attacks where security flaws are exploited before a patch,” he said. The flaw detection process is being infiltrated to exploit the time between detection and software security patching, and packaged attacks are also being produced and resold to less adept hackers.
Another major growing threat is that spam networks are improving their delivery mechanisms. “Spam stopped for a while because of detection, but now I’m getting more,” he said.
“The window remains open for attack longer than we would like,” he said, adding that the sophistication of denial of service and phishing attacks is growing fast.
Government and private sector co-operation is very important in combating cybercrime, added Chris Painter, deputy chief principal of the US Department of Justice, who chairs the G8 High Tech Crime sub-group.
He warned of the new wave of extortion, blackmail, database breaches, insider “sniffers” and wireless villains, motivated by monetary gain and operating in well-organised criminal gangs.
Shaken by numerous major cybersecurity breaches over the past year, including massive ID theft following the Katrina and Rita hurricanes, the US administration set up the President’s ID Theft Task Force in May, with interim recommendations published in September.
“That might take five years to happen in the UK,” warned Tricia Drakes, chairwoman of the Lord Mayor’s Technology Advisory Group and former Internet Corporation for Assigned Names and Numbers board member, calling on the financial services sector in the UK to take a global lead.