MI5 chief: Massive cybercrime wave putting businesses at risk
MI5 boss Jonathan Evans has warned that companies in the UK are fending off an 'astonishing' level of cyberattacks. Image credit: Security Service
Businesses in Britain are under sustained attack from
governments and gangs bent on intellectual-property theft and other
cybercrime, with one company suffering millions of pounds in losses, the
head of MI5 has revealed.
They are victims of the black cyber-economy,
which has a huge pool of resources to draw on for conducting
state-sponsored cyber-espionage and cybercrime, MI5 director general
Jonathan Evans said in a speech on Monday.
"Vulnerabilities in the internet are being exploited aggressively, not
just by criminals but also by states," Evans told an audience at the
Mansion House in London. "The extent of what is going on is astonishing —
with industrial-scale processes, involving many thousands of people,
lying behind both state-sponsored cyber-espionage and organised cybercrime."
MI5 worked with one major London-listed company that estimated it had
lost £800m in revenue as a result of a hostile cyberattack from a state,
he said. The damage came through intellectual-property loss and
commercial disadvantage during contract negotiations.
"They will not be the only corporate victim of these problems," Evans said.
While the MI5 head did not mention particular attacks, companies have been grappling with threats such as Flame, which Kaspersky Labs has described
as "a sophisticated cyber-espionage toolkit primarily targeting Windows
computers in the Middle East". The US and Israel developed Flame to collect data on the Iranian nuclear programme, so that the countries could develop cyber-sabotage tools, according to the Washington Post.
Cyberattacks in the UK
MI5 is involved in investigations of cyberattacks on more than a dozen major companies,
Evans said. The intelligence service is working with GCHQ, government
departments and the police to investigate the attempts, via the Centre
for the Protection of National Infrastructure (CPNI). Organisations that
may be future targets have been identified, according to Evans.
"What is at stake is not just our government secrets but also the safety
and security of our infrastructure — the intellectual property that
underpins our future prosperity and the commercially sensitive
information that is the lifeblood of our companies and corporations," he
said.
He pointed out that businesses face risks not only to core systems, but also to foreign subsidiaries and suppliers.
In addition, the risks of cyberattack to the UK are being exacerbated by the 'internet of things', which will see increasing connections made to the internet by objects such as buildings, cash machines and cars, Evans added.
"This increases the potential for mischief and leads to risks of
real-world damage as well as information loss," he said. "We are
contributing to the international process of ensuring that the
appropriate IT security management standards are in place to manage some
of these new risks."
Comments