The Private Sector is Becoming a More Attractive Target for Cyber-Terrorism


Ready, Aim, Hack - the New Warfare
by Adam Turner

Source: Information Technology

January 29, 2001

IN AN AGE in which corporations are more powerful than governments and essential services are in private hands, the private sector is becoming a more attractive target for cyber-terrorism, a visiting online security expert says.

Crippling a country’s economic giants using information warfare tactics is one of the most effective ways to attack an enemy, says London-based Graham Titterington of independent analyst and consulting company Ovum.

``In the world capitalist economy, most people regard major companies as the country itself and that’s where you’d make the most immediate impact,’’ Titterington says.

``People would go for major commercial organisations rather than government.’’

Titterington was in Australia this month after addressing the International Quality and Productivity Centre’s e-security conference in Singapore. He says reports of online sabotage during the Middle East conflict through defacing websites and denial of service attacks - crippling a server by swamping it with requests - are a sign of things to come.

Despite the increasing number of security breaches, he says ``virtually all’’ business do not pay enough attention to security.

Aside from virtual terrorism, external threats such as online industrial espionage are also a growing danger for the commercial sector.

``The traditional view of IT security was that it was very largely an internal problem and the disgruntled employee, or very recently ex-employee, were your number one threats. The threats that you are exposed to on the Internet, the almost random threats from the outside world, are so great that I don’t follow that model any longer,’’ Titterington says.

``My feeling is that it’s pretty evenly pegged now. If I had to come off the fence I’d put it slightly on the external. Most of the more serious ones seem to come from external sources.’’

The FBI’s annual online security survey of the United States’ Fortune 500 companies found more than half know they have had an illegal use of their system over the last 12 months.

``These things do happen all the time and they’re only the ones who know about it,’’ he says.

``The thing with espionage, for example, is that the hackers try to get in, steal information and get out without being noticed. They don’t want to do any damage because they hope they won’t be noticed so they can get back in and do it again.’’

In the same way locks on doors only keep out honest people, Titterington is philosophical about the effectiveness of online security measures.

``Potentially it’s a bottomless pit. You could sink millions into it and you still wouldn’t get 100 per cent security, no matter what you did,’’ he says.

``Any e-business that is considering what to do should think of it in a positive frame of mind; this is an enabler, this will enable me to do things safely, this will build trust with my business partners.’’

Back To Contents