Cyber Threats To UK Business | Titania

Q&A with Ian Whiting of Titania

Ian Whiting is the founder and CEO of Titania, which won the NFU Mutual-sponsored 2014 British Chambers of Commerce Small Business of the Year award.

Titania is a network security auditing and compliance software company and Ian has over 15 years’ experience in the industry. During his career he has worked with organisations and government agencies globally, in order to help them improve their information security.

Here he gives his opinions on the threats which UK businesses face from cyber criminals and what they can do to protect themselves.

Q. What types of businesses are targets for cyber criminals?

A. Any company with an internet connection is a potential target and it does not matter if the business is small or large. If you are part of the supply chain, you may even have third party access to your systems in some form. We can look at the breach suffered by Target and note it was compromised through a HVAC (Heating, Ventilation & Air Conditioning) supplier. Other companies, such as Sony, have been breached by exploitation of customer access points.

These breaches came with huge commercial cost and embarrassment, but there is also wide concern around the vulnerability to direct attacks of SCADA Industrial Control Systems. We have seen such an attack recently in Germany where a steel manufacturer suffered severe damage to their manufacturing plant. The consequences of similar attacks on SCADA systems have the potential to provide immediate repercussions across a wide range of Critical National Infrastructure (CNI) facilities.

Q. What motivates cyber criminals?

A. Interests can vary hugely. From financial crime, intelligence gathering, corporate espionage, state sponsored attacks or hacktivism to publicity and marketing for a cybercrime tool. Short-lived stunts such as defacing a high-profile website for publicity do not require in-depth skills, yet they can wreak serious havoc for legitimate businesses.

Regardless of the motivation of a malicious actor, organisations operating online need a correct evaluation of their risks and a threat response policy, in order to minimise operational disruptions.

Q. What are the biggest cyber threats to businesses in 2015 and beyond?

A. The big attacks that target the internet’s core infrastructure, by leveraging open source code vulnerabilities such as Heartbleed, Shellshock and Poodle will become more common, simply for the scalability and level of damage that can be caused.

Q. What are the most effective ways to protect your business?

A. Navigating today’s threat landscape has become an increasingly difficult challenge for businesses of all sizes. Security is an issue that needs to be addressed from different angles for it to become efficient. Governments and regulatory bodies must issue clear guidance and practical, easy-to-apply measures that deter abuse of the virtual space. Directorial and management boards need to recognise the criticality of cyber risks and include it in budget and strategic planning.

In the UK, the government has published a best-practice scheme called Cyber Essentials. The guidance provided by the scheme provides basic controls that businesses can put in place in order to help protect against the most common attacks. Even small changes, such as educating and helping staff understand common threats and tackling spam, can make a huge difference to the security of an enterprise. On the other side, the industry needs to do its part by tackling difficult-to-understand technical jargon.

Finally, compliance remains a necessary measure to ensure a minimum level of security for most organisations in the UK. The US private sector seems to achieve more with the carrot of security, instead of the stick of compliance. Perhaps it is time for the security industry to learn how to leverage the benefits of safety as opposed to the fears of non-compliance.

Q. What are the biggest barriers to protecting against cybercrime?

A. Technology has emerged at break-neck speeds, so adoption in personal and professional capacity was an expected consequence. Meanwhile the information security community has been left to hold the front as 3bn people with different levels of understanding moved online. Hence lack of awareness of risks is probably the biggest barrier to cyber security.

Q. How does Titania help businesses to protect themselves?

A. We discover vulnerabilities that scanners and other standard network tools leave undiscovered. By providing clear practical reporting on critical vulnerabilities, including how to mitigate them, we remove security knowledge gaps and enable risk reduction at all levels of an organisation.
Businesses can now close previously unknown attack opportunities, quickly and at low cost.
Our tools provide such an intuitive, flexible and secure audit process that they have won multiple awards and are used in over 60 countries. Key to this success is our free trial, which allows organisations to see their power for themselves.

Q. How are the authorities faring in the fight against cybercrime?

A. On a national level we are starting to see more governmental initiatives in terms of guidance and bite-sized information that can be applied straightaway. Law enforcement and the justice system struggle with outdated laws that leave technological crime in a grey area. The European Union offers regulations and inter-state cooperation like Europol, but it also needs to include businesses and find satisfactory policies which do not sacrifice ease of trade for security.

Q. How can businesses keep up to date with the latest cyber threats?

A. There are a few reliable sources that can be checked with confidence for live updates as well as security recommendation. US-CERT, CERT UK, SANS ISC (Internet Storm Center), IETF and SCAP are a few of the official security institutes and standards institutions that provide live updates on emerging threats and offer quick, free-of-charge solutions.

The original article can be found on the NFU Mutual website.