Britain’s businesses are being left vulnerable to crippling cyber attacks due to a severe lack of security skills, according to a technology trade body. The Institute of Engineering and Technology found that barely one in ten small to medium enterprises (SMEs) had “sufficient skills and resources in place” to repel threats from …
I wondered about that, as a friend of mine mentioned the option of WiFi used for industrial control/monitoring systems. Amazing how dumb the cost saving of not having to install a dedicated (and hopefully air-gap isolated) wired network can be.
Most SMEs dont have dedicated resources for anything (payroll, employment law, purchasing,)The real dissapointment is how few commodity service provider (cloud, ASPs etc) make any real policies or service levels around security either.
But I doubt IET will take on the provider community.
The world was given a vivid insight into the potential costs of a well executed cyber attack last week when the Syrian Electronic Army hacked into the Associated Press Twitter account and sent a false message saying a bomb at the White House had injured President Obama.
If hacking into someone's Twitter account is what you consider to be a cyber attack then I think you need to go back to school.
Twitter has always been full of unverifiable and spurious bullshit. It is, in a sense, its own remarkable piece of social engineering in getting people to take anything carried on, what is essentially a gossip network, it seriously. Clever use of it would be nice pump and dump scheme, or in the instance you cite, naked shortselling to make fat profits.
Under virtually every definition of what could possibly constitute a 'cyber attack', this qualifies, stop being so sniffy. Also if you can make the Dow drop by 140 points on rumour alone, who cares if Twitter is full of unverifiable bullshit? It can still have real world effects, obviously.
RF jamming ?
Since when is that supposed to be an issue ? Sure, it'll work the first day or two, if the company was stupid enough to use a WiFi router for all its networking needs, but somebody's bound to notice that the jamming starts when a given van is parked not far away and when they do, the cops will be bringing down that attack venue pretty quick.
Internet vulnerabilities are dangerous because they are (almost) anonymous, overwhelming, are hard to block when they start and can come from any point in the world, which (in most cases) immunizes the attacker from judicial oversight. So it's easy, carries almost no risk and requires next to no physical effort.
RF jamming needs physical proximity to the target, which then forces the attacker to contend with real-life covert activity requirements. Not to mention that a van has somewhat more complicated temperature-control issues, and an idling vehicle staying in place for hours at a time is going to garner attention.
I file that the Unlikely Attack Venue folder. Especially since a simple Ethernet cable is all it takes to thwart the attack completely.
Re: RF jamming ?
"Since when is that supposed to be an issue ? Sure, it'll work the first day or two,"
I think an hour or so might be enough to cause a chemical plant to go seriously wrong!
Never underestimate the ability of dumb people to get stupid things done in places you never imagined possible.
Re: RF jamming ?
I've seen a microwave link get messed up by a judiciously placed pane of glass. Of course, if you look down the line of sight you can see the other aerial, so that was a particularly fun one to work out.
no shortage of skills, shortage of skills at the pricepoint
People complaining about the severe lack of security skills mean the lack of skills available cheap. Or ability to buy it in from offshore. There's no shortage of actual skills in the marketplace just not in the low budget range of wage slavery the average SME allocates to the task.
And hark at gchq with their degree program. Maybe if they paid the going rate they wouldnt need all that bluster either. Maybe they'll insulate people from the reality that they can get x3 the money in industry with the same skill set by only exposing them to the world of their propoganda and degree training.
Money, its always down to that in the end. I'm surprised nobodys suggested relaxing background checks and demanding more visa's for brought in resource yet.