Olympics and IT � be aware be very aware

The upcoming Olympics could see the start of a wave of cyber-terror attacks against the UK.

Not everyone loves the UK and our culture. Once the Olympics begin, we will become a major target of attacks driven by political and religious beliefs - and these attacks are likely to be both physical and digital.

This year's Games haven't even begun in Beijing and yet protests about human rights have been making headlines. London and the UK will step into the limelight the minute that Prime Minister Gordon Brown accepts the baton at the closing ceremony on 24 August. These attacks will provide a magnificent smokescreen behind which organised crime can hide. The security community must wake up to what may be in store and begin educating organisations about the threats to business.

The UK's Centre for Protection of National Infrastructure has already warned British businesses that China is carrying out state-sponsored espionage against vital parts of Britain's economy, including the computer systems of big banks and financial services firms. The government alleges that British companies doing business in China are targeted by Chinese state organisations that use the Internet to steal confidential commercial information. The US Department of Defense has confirmed that its systems have been compromised by China, and that it has no idea to what extent and depth. So what are the threats to your organisation, and why would the government issue these notices?

As our dependence on networks and IT grows, so does the realisation of how much sensitive information is held in these environments. Yet we are opening up our networks to increasing numbers of third parties. Business in the future will be about how we collaborate, securely, with our partners.

Challenge

As more sensitive data are digitised, and regulatory requirements become increasingly stringent, organisations face the challenge of securing that data against unauthorised access, tampering and loss.

An enterprise's network is a complex entity including a myriad of devices, platforms, applications and operating systems. Because of increased employee mobility and the growing number of end-user devices, tracking and controlling network access has become essential to maintaining data security in corporate networks. Organisations must balance access to these resources with the requirement to protect valuable assets and ensure their customers' privacy.

The sheer number of threats and intrusions into corporate IT systems has grown phenomenally in the past few years and today's security risks are complex. Threats to an organisation include both external and internal attacks as well as passive threats. Networks and personal computers need to be protected from vandals (malicious mobile code, trojans, worms, VB/JavaScript); viruses; data exposure and inappropriate content. To deal with these rapidly evolving threats, organisations are moving towards combining proactive and reactive security measures within the existing network and at its boundaries, where the network may interface with unknown devices. Firewalls are being used to secure a network against external and internal threats.

So where to start? Even thinking about the security vulnerabilities that your organisation faces is enough to cause a migraine. Implementing ongoing vulnerability management to discover and assess vulnerabilities, and to implement and maintain system configurations, will ensure secure environments and save time and money in the long run.

The threat to business is increasing as we rely upon the data within an organisation. The good news is that UK plc seems to be waking up to the threat. The information we have suggests that, after many high profile data losses, boardrooms are giving security a bigger piece of their IT budget. Is this because CEOs don't want to see themselves on the front page of the national newspapers, and having to explain to shareholders how they lost all their customer data? Or is it because the threats are finally being given proper airtime?

One of the issues the security industry faces is that if it does its job well, it cannot prove that the money was well invested because incidents are prevented before they happen. Richard Walton, former director of the communications and electronic security group at GCHQ, has pointed out that had legislation been passed before 9/11, making it compulsory for airlines to fit locked and armoured cockpit doors, the attack would not have happened. But the industry would have been up in arms over such 'unnecessary' expenditure.

Business has recognised the need to improve collaborative working, and the necessity of sharing data. However, we need finance directors to recognise the benefits of an investment in security. No amount of security spending will double a business's turnover or profit by itself. However, it will enable a business to grow, securely, using collaboration technology. It should be seen as a business enabler, and regarded as money well spent as the time between security incidents gets longer.

All eyes on London

For the next four years, the world will be looking to London. Why else have we invested billions in attracting the Games? We know that physical security will be stepped up - don't expect to board planes and perhaps trains quite so quickly. We know that there will be major issues vetting all the workers at the Olympics, and that the sites will be targets for potential terror attacks. But we also need to be aware that cyber terrorism is a real issue, and that the UK and its businesses need to prepare themselves to repel cyber attacks as well as physical ones. If we can manage that, then the Olympics will be remembered for the right reasons

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them

Close