Top 10 IT security stories of 2011

Cybersecurity has been one of the top buzzwords for 2011 as information security moves up the agendas of government and businesses alike.

Cybersecurity has been one of the top buzzwords for 2011 as commercial organisations increasingly found themselves up against advanced, persistent attacks of the order previously seen only by military organisations.

Information security has moved up the agendas of most corporates and other businesses, but government too is placing increasing emphasis on the topic, backing national cybersecurity efforts with dedicated budgets.

Here are ten articles that illustrate some of the key challenges around information security facing governments, business and individuals.

1. UK needs cyber taskforce, says John Reid

The new UK cybersecurity strategy is a big step forward, but we will need many more, according to John Reid, former minister and chairman of the Institute of Security and Resilience Studies.
“The strategy contains the beginnings of a grand strategy to orchestrate all levers of power to achieve a common objective,” he told attendees of the Govnet Cyber Security 2011 conference in London.

2. UK cybersecurity strategy a bit thin on details, say critics

Security suppliers and other industry commentators have generally welcomed the government’s long-awaited new UK cybersecurity strategy, but not without reservation.

The strategy, finally published on 25 November, focuses on better resourcing for computer crime authorities, improving communication between government and the private sector, and investing in national defences and critical infrastructure against cybercriminal attack.

3. Hackers cost UK economy billions every year, says head of military cybersecurity

Hacking by foreign governments and businesses costs the UK economy billions of pounds, according to the head of the British military's cybersecurity programme. The biggest cyber threat to the UK is economic, not military, according to Jonathan Shaw.

4. Military-grade cyber attacks: How businesses can protect themselves

RSA Conference Europe 2011 has provided a useful working definition of the term advanced persistent threats, or APTs, as military-grade cyber attacks on commercial entities. In the face of APTs, businesses need a new defence doctrine, which is under discussion by an increasing number of corporate chief information security officers, says RSA.

5. Analysis: Intelligence key to security business case

Information security is becoming an increasingly important part of any business as the value of information assets continually grows, as do the threats from cyber crime and espionage. But in many businesses, information security is still not well integrated with the rest of the business, consequently either inhibiting the business or exposing it to high levels of risk. Security intelligence is the key, according to a panel of infosecurity professionals.

6. DigiNotar certificate authority breach: Why it matters

There has been much speculation around the identity and motive of the hacker who was able to breach DigiNotar and issue fraudulent digital certificates for hundreds of websites, but putting such speculation aside, what is the broader significance of the incident?

7. UK business and government dangerously out of tune with cyber threats, says Chatham House

Business and public sector organisations lack understanding of the nature and gravity of cyber threats and the UK government lacks vision and leadership in dealing with cyber attacks, according to a report by Chatham House.

Widespread confusion over the scale and nature of cyber criminality is undermining efforts to tackle the problem, the think-tank warned in the report.

8. World IPv6 Day: Why it really matters

On World IPv6 Day in June, around 200 organisations offered content over IPv6 for a 24-hour trial to ensure a smooth transition as IPv4 addresses run out. But that is still some time away. Of more immediate concern, and the reason why IPv6 Day really matters, is to highlight the security holes that are already opening up.

9. Sony data breach: 100m reasons to beef up security

The hacking of Sony's PlayStation Network and Online Entertainment service in 2011 potentially exposed more than 100 million users to fraud in one of the biggest data breaches to date.

The Sony breaches followed several similar data breaches by online service suppliers such as and Lush, so what effect are they likely to have on the online services industry?

10. Advanced persistent threats – are businesses prepared?

Businesses usually attain adequate levels of IT defences at the point that it becomes more cost-effective for cyber criminals to target someone else. But a problem arises when organisations fail to recognise that they are being targeted by advanced persistent threats (APTs) which are designed to get around most defences.
