Letter from the Editor, September 2014
Welcome back from the summer break.
In this issue, Mark Johnson introduces us to cyber crime, security and digital intelligence, a topic close to the heart of every business. The article is an edited extract from Cyber Crime, Security and Digital Intelligence, published by Gower Publishing. AFN readers can purchase Cyber Crime, Security and Digital Intelligence direct from Gower with a 30% discount, using code G8ATZ30 at the checkout.
We are always interested in articles and book reviews written by AFN members and readers. If you would like to contribute to the AFN newsletter or the website in September, please contact us at firstname.lastname@example.org.
There are several factors determining the future shape of the cyber security landscape:
- The rise of the machine readable Web, also known as Web 3.0
- Increasingly vast data storage
- Computer processing at light speed
- Increasingly advanced and persistent threats
- Slow human decision-making speeds and a general lack of awareness
- A growing chasm between cyber security decision needs and cyber security decision capabilities.
The only obvious solution to this conundrum is the complete automation of cyber security decision making, but the technology to support that is far from ready.
In the meantime, we need to learn to live with the challenge and find ways to better protect our information assets from attack, theft, exposure, loss or damage. Cyber security and cyber risks are ubiquitous, which is to say that they are everywhere and of importance to any person or organisation using one or more internet-enabled devices.
The importance of security and the potential impact of the risks are primarily determined by the level of dependency that the person or group has on the technology.
The one word we need to keep in our thoughts is “resilience”. How resilient are we as a sector, community or nation in the event of a major cyber security event? Some sectors are more sensitive than others and there are also strong interdependencies between key sectors (listed below) which suggests the potential for what is called a “cascading failure”:
- Financial services
- Supply chain
- Defence and security
Loss or degradation of service in any one of the above areas is likely to have deleterious effects on the others. This makes these sectors particularly attractive to an attacker as well as making them the most sensitive in terms of accidental failures or natural disasters. Essentially, if you work in any of the areas listed, you should be prepared for the possibility of state-grade cyber attacks and intrusions and you should be putting corresponding state-grade countermeasures in place.
Cyber security risks for financial firms
During the late summer of 2012, a number of leading US banks experienced a serious and apparently coordinated series of Denial of Service (DoS) attacks that lasted for a period of several weeks and in fact, some of the attacks commenced earlier in the year. Senior political figures in the United States, including Senator Joseph Lieberman, chairman of the Senate Homeland Security Committee, reportedly asserted that these attacks originated in Iran, although no evidence to support this statement was put forward in the public domain.
Coincidentally, during the same period the computer systems of the UK’s Royal Bank of Scotland (RBS), one of the country’s largest financial firms, went down due to what was reported to be an internal software failure following an upgrade. Whatever the facts behind these events, it is now clear that western banking was in crisis mode through much of the year due to various types of cyber vulnerability.
The Anti-Fraud Network is a network of professionals who specialise in the prevention and investigation of fraud and white collar crime, and the pursuit of claims arising out of the theft or other dishonest appropriation of assets, corruption, misuse of confidential information or similar breaches of duty. Recovering the proceeds of fraud and corruption is one of the truly global problems facing organisations today. Proceeds rarely stay in the country where they have been stolen. For organisations to recover stolen or corrupt assets they need access to lawyers and professionals specialising in their recovery across the world.
The Anti-Fraud Network is dedicated to providing access to trusted points of contact across the globe and offering a unified first-class international service to clients, at a time when experience, speed, co-operation and highly responsive service are most important.
The Anti-Fraud Network has been Highly Commended by the Financial Times in the 2008 FT Innovative Lawyers Awards Report
Nicholas Burkill of Dorsey & Whitney is an expert in bribery and corruption matters, and is widely considered by sources to be an authority on the implications of the new Bribery Act. Sources describe Burkill as “extremely personable, very bright, client-focused and always looking for the best commercial solutions.”
The Dorsey team is an excellent choice for tax and fraud disputes, and group head Nicholas Burkill is ‘an enormously experienced fraud litigator, with great depth of knowledge; intelligent and hardworking, with an excellent sense of humour. One of the best around’.
Legal 500 2010
Dorsey & Whitney’s practice head Nicholas Burkill is a ‘cool-headed and determined litigator’.
Legal 500 2011