While 2014 will be remembered for a number of severe cyber-attacks, these are likely to diversify and escalate in 2015.
“It is probable that more severe cyber shocks are in the offing,” says Dr Uri Rosenthal, special envoy for the Global Conference on Cyberspace. “And attackers have the advantage over the defence.”
It’s not only actual cyber-threats that are of concern, but the fact that most global events will reverberate quicker and further than ever thanks to increasing connectivity.
“Global shocks are increasing in variety,” Rosenthal says. “But they are also interconnected through the internet. When we talk about what is in the offing, the Internet is more involved in daily lives.”
He points to infrastructure like smart grids that are vulnerable and could come under attack during this year.
Future shocks, he adds, are being driven by the exponential speed of the Internet, which means that events can reach everyone in seconds.
In addition, there is an issue around the attribution of attacks, where it’s not always clear who is responsible. “We always have strong suspicions but to pin it down is difficult if not impossible. For law enforcement agencies to deal with cyber problems means they have to embrace digital evidence.”
Public/private participation is key to reacting to attacks, Rosenthal says. Although many of the attacks could be on public systems of infrastructure, usually the skills to deal with them lie in the private sector. For instance, he points out, the Netherlands has a combined incident response centre.
Rosenthal points out that the Internet gives rise to huge numbers: both negative and positive. More than 3-billion people around the world use the internet, while there are 30-trillion individual web pages. In addition, there are 6-billion mobile phone subscribers.
In South Africa, about 41% of the population have someone in their direct surroundings who uses the Internet; and 10% of people have Internet at home.
In the emerging markets, mobile communication is going far beyond 100%, while there is also an upswing in fixed line connectivity.
With the growing number of users, threats are escalating as well. In 2013, 1 400 financial institutions in nine countries were victims of cyber-attacks, while more than 600-million people had personal information compromised.
“There are a lot of international hacker groups with capabilities similar to those of governments.”
“Threat are on the increase in many ways,” says Rosenthal. “While some people think we are mastering the malware threat, research shows it is continuously on the increase, more complex, more intense and the diversity is increasing as well.”
However, Rosenthal says it’s wrong to focus just on the threats. “There is another story: we see ambitions, aspirations on the positive side of internet and mobile communications.
“We can talk about economic growth, social development and the wonderful daily life in the offing related to the Internet of Things. There are also big figure son this side: for instance the decade to come the growth in global trade is for 25% internet connected and mobile communication connected. We can also talk about e-health, e-education and e-commerce.”
Craig Rosewarne, MD of Wolfpack Information Risk, points out that cyber security threats are real, and organisations need to work together to combat them.
“In South African, we tend to not want to share knowledge – but we have to. We are facing common challenges across the continent; our citizens are exposed; and we can rely on getting very few services from police.”
As a matter of urgency, he says we need develop technical skills. A national awareness programme has been on the cards for some years, gut needs to be rolled out soon. And we need to see greater leadership from government when it comes to cyber security.
High-profile cases that were averted towards the end of 2014 should sound a warning to both private and public sector organisations, he says. These were the R800-million that was almost stolen from Gautrain, and a close call on the Eskom payroll that could have lost R3-billion.