Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cyber Security and the CIO Challenge

Gordon Makryllos | April 17, 2013
Cyber security is the double edged sword of modern business.

Cyber security is the double edged sword of modern business. Because the Internet is an evolving technology that carries enormous potential and vulnerability, cyber security embraces questions of internet freedom, network architecture and the economic potential of cyberspace.

Large global multinationals, small local businesses and startups alike use online infrastructure to facilitate economic and technological innovation. With this growth comes increased risk as well as opportunity. Advanced, persistent threats reflect the risks posed by adversaries with the sophistication, resources and determination to cause real and permanent damage by exploiting the architecture of networks, and of cyberspace itself.

The 2012 Cyber Crime and Security Survey: Systems of National Interest, published by the Australian Government, disclose some of the cyber security measures that key infrastructure sectors have in place. Of the 255 organisations surveyed in Australia's banking and finance, communications, energy, resources, transport and water sectors, 90 percent reported they have firewalls and security software in place. However, 20 percent of the same respondents described some form of ''cyber incident'' that occurred in 2012. Logic would define that there is a gap, and cyber-attacks are occurring more frequently than desired.

It's no surprise 16 percent of respondents identified being exposed to 'denial-of-service attacks' (DoS). These attacks are fundamentally different to other virus, malware or identity attacks. The apparent legitimacy of a DoS attack is achieved by using authorised ports - hence firewalls and the other security software listed above are ineffective against them.

No one can argue that the cyber security of an enterprise is the domain of anyone else but the CIO. Processes, practices and decisions all largely fall to the one person.

The stakes are high for CIO's as more and more reliance is placed on them by employees, partners and consumers, to protect them from the reality of the cyber domain. The report identifies that 19 percent of respondents believe the key motive for cyber crime is financial gain, so the stakes rise higher quickly.

The report findings state the top two suspected motives as being non-targeted unsolicited malicious damage (17 perdent), followed by indiscriminate attack (almost 16 percent). So often when looking for the culprit of a random attack, a DoS attack is held responsible. These types of attacks can render enterprises' online services totally redundant, sometimes for long period of time. If an attack is launched, it has the ability to not only affect customer facing avenues of an organisation, but also any online services that an enterprise relies on internally, such as online portals or other integral services.

Based on the report's findings and the discussion surrounding DoS attacks, below is a brief outline of how to combat this form of cyber warfare:


1  2  Next Page 

Sign up for CIO Asia eNewsletters.