4 August 2005 Businesses are increasingly at risk of targeted attacks on their IT infrastructure according to UK intelligence services. The threats cost each British business £96,000 on average in 2003.
British businesses are particularly at risk from international criminal gangs, according to the UK’s National Criminal Intelligence Service (NCIS). A NCIS survey of 203 major British business found that 83% of them had been targeted in cyber crime attacks, and had lost £195 million between them in 2003.
Meanwhile, figures from IBM show that organisations particularly targeted by ‘cyber criminals’ include government bodies and manufacturing, financial services and healthcare businesses. According to IBM’s Global Security Index August 2005 report, roughly 65% of all security attacks recorded were targeted at organisations in these sectors.
Methods used to target specific organisations include targeted Trojans, which open channels of communication to other computers and broadcast information, and so-called ‘spear phishing,’ using emails which include information relevant to particular businesses or individuals to trick employees into divulging confidential information.
A significant problem in dealing with specifically targeted security threats is that most anti-virus software is designed to combat more general, untargeted malware. Code written to attack a particular organisation’s infrastructure is less likely to be detected by standard security packages.
“All the security measures in the world cannot fully protect an organisation against the most sophisticated attacks,” said analyst Paul Stamp of Forrester Research. But Stamp said the most effective protection was to use multiple threat mitigation techniques and enforcing a strict code of IT practice on employees and partners alike.