From: Financial Times
By Brian Groom, Business and Employment Editor
Cabinet ministers will warn FTSE 100 bosses on Wednesday that responsibility must start at board level if they are to counter the growing threat to their operations from cyber attacks.
At a private conference at the Foreign Office in London, company chiefs will be told by Iain Lobban, director of the Government Communications Headquarters, that his organisation sees “credible threats to cybersecurity of an unprecedented scale, diversity and complexity”.
GCHQ has seen “determined and successful” efforts to steal intellectual property, take commercially sensitive data and exploit information security weaknesses by targeting partners, subsidiaries and supply chains.
In a sign of how seriously the threat is perceived, the event will be attended by chairman and chief executives of FTSE 100 companies in sectors including retail, telecommunications, finance, defence, information technology and energy.
They will be addressed by William Hague, foreign secretary, Vince Cable, business secretary, and David Willetts, the business department minister responsible for cybersecurity. Sir Michael Rake, chairman of BT, will give a business view.
In advice to be issued to companies, the government cites the case of a UK biotechnology company that was ready for a product launch after five years of research and development costing £1bn.
Eight months before the launch, the research director received an email that appeared to be from a colleague with a PDF of a relevant scientific paper. In fact it was a fake containing malware that enabled an attacker to steal the research.
A foreign competitor was able to release a cheaper version of the product on to the market ahead of the UK company, which lost important contracts and found itself beaten to the market with additional products.
Mr Willetts told the Financial Times that this and other examples were “anonymised and simplified versions of incidents of which GCHQ is aware”.
In June, MI5, the Security Service, warned that a foreign state-sponsored cyber attack against the computer systems of an unnamed big listed British company had cost it £800m in lost potential revenues.
In its guidance to companies, the government will warn that cyber risk must be managed at board level. It urges directors to have a full picture of the damage a company would suffer if sensitive information were stolen or online services disrupted.
For operational managers, it gives advice on issues such as limiting the number of privileged user accounts and how to secure data when staff are working at home or whilst mobile.
Mr Willetts said: “Cyber attack is one of the biggest single threats to British business. It’s a threat to their intellectual property, to the delivery of their services and to personal data they hold.”
He said the conference was an opportunity for senior ministers and the head of GCHQ directly to explain the threat to the heads of British businesses and give practical advice on steps they can take to tackle it.
He added: “I don’t think we have yet reached a stage where it is part of a standard board-level assessment of risks facing a company.”
Mr Lobban said the technical level of attacks was growing exponentially. “What was considered a sophisticated cyber attack only a year ago might now be incorporated into a downloadable and easy to deploy internet application, requiring little or no expertise to use.”
Leave a Reply