Enterprises need to work collectively with both law enforcement agencies and industry competitors to respond to the rising threat posed by hacktivist groups and state sponsored attacks, according to BSkyB’s head of cyber security.
Internet service provider and broadcasting firm BSkyB last week fell victim to a cyber attack from the Syrian Electronic Army, which compromised a number of Sky News apps on Google’s Play store before the situation was resolved, while the hactivist group also temporarily gained control of the firm’s @SkyHelpTeam Twitter account.
“Our biggest problem was in communication, and actually getting hold of [those targeted by the phishing attack],” explained Phillip Davies, head of cyber and content at BSkyB, speaking at the Info-Crime event in London on Tuesday. “They weren’t corporate Twitter accounts, they were individual Twitter accounts, and our biggest problem was getting hold of the people concerned and communicating in a safe and quick way.”
The attack came in the wake of a more damaging breach by the Syrian hackers directed at Associated Press, which subsequently caused financial markets to temporarily spike last month after a false tweet was broadcast to millions of followers, and the group, one of various hactivist groups targeting large enterprises, has pledged to conduct more attacks on companies in future.
Davies said that although the financial repercussions of the SEA incident were small, and the impact on its own brand minimal, the threat of targeted cyber attacks is an ongoing challenge for BSkyB, and other large enterprises in the UK.
BSkyB has identified four main security threats to its business, including attacks from organised cyber criminals, insider threats, and those origniating from nation states. In addition hactivist groups have targeted the company, with Anonymous previously succeeding in stealing data from the company before posting the information on peer-to-peer sharing site PirateBay.
In the face of such threats, Davies said that working with other companies affected by the same problems is key to understanding and responding to the threats posed.
“We are collaborating with others to understand what the hactivism threats might look like, because that is a growing area,” he told Computerworld UK.
“There is often a discussion that hactivism doesn’t necessarily equal an advanced persistent threat, but actually those lines are often blurred. It is about understanding the whole environment, and understanding what threats might be coming our way.”
In order to mitigate the risk of breach, BSkyB has been working with other companies which have been targeted.
“We have been working very closely with our peers and our competitors, which has been a difficult selling point to our board at times, but it is important that we share information with our competitors because they are likely to be hit with the same risks that we are.
“That cross-industry working is incredibly important, so when we do have an attack, and last week it was the Syrian Electronic Army, we were working closely with ITN and other broadcasters affected, as well as other ISPs too.”
Collaborating on a government level has also been important, and Davies said that one of the benefits of Project Auborn, now the Cyber Security Information Sharing Partnership, was that law enforcement agencies had the opportunity to listen to what businesses have learnt as part of their own experiences.
“There is good cooperation with the government, we work closely with BIS, and we work with law enforcement agencies,” he said.
However there are also challenges with working to combat threats of an international and cross-border nature which create difficulties for law enforcers across the EU for example.
“We are looking at trans-national issues, we are looking at stuff that is outside the UK. It is quite challenging for law enforcement agencies to actually work together to deal with these issues, because when you are looking at legislation like the mutual legal assistance treaty (MLAT), it doesn’t lend itself to closer working with cyber crime.”
Nevertheless, Davies said that the establishment of EU cyber crime agencies has helped share information about cyber threats on a wider scale.
With regards to its own operations, Davies said that the firm is aiming to further improve its collective defences by integrating its own security infrastructure, such as intrusion detection and prevention systems, with the data provided by other external sources.
“We want to take that information away and look at what we have got from the police, security services and so on and pull all of that information together.”
He added: “That is where we are working towards at the moment - we want to be able to better predict the threats that we face looking beyond our network.”