Top 10 security stories of 2013 so far

Stuart Sumner
13 min read

Computing looks back at the most important cyber security stories of the past six months

8 - Outsourcing a 'major component' of two-thirds of IT security lapses

Outsourcing was identified as a factor in almost two-thirds of the security breach investigations carried out by security services company Trustwave, according to a report the firm released in February.

The claim was carried in the company's 2013 Global Security Report, which draws on the incident-response investigations that it has carried out on clients' behalf, as well as the results of thousands of penetration tests and millions of website and web application attacks.

"In 63 per cent of incident response investigations, a major component of IT support was outsourced to a third party... Many third-party vendors leave the door open for attack, as they don't necessarily keep client security interests top of mind," stated the report.

In some cases, organisations that have outsourced a portion of their IT functions are unclear about where their own responsibility ends and the outsourced partner's begins, leaving gaping holes that no one takes responsibility for. This also accounts for a large proportion of the attacks in the retail sector, added the report, because many small retail chains outsource some or all of their IT functions.

7 - European Union security directive slammed by Ross Anderson

Earlier this year computer security guru Professor Ross Anderson criticised the European Union's proposed computer security directive which, he says, represents "yet another unfortunate step towards the militarisation of cyberspace".

The directive forms the centrepiece for the EU's new cyber security strategy, which was launched in February.

In an analysis, Anderson wrote that "it will oblige member states to set up single 'competent authorities' for technical expertise, international liaison, security breach reporting and CERT [computer emergency response team] functions. In the UK, these functions are distributed across GCHQ, MI5/CPNI, the new National Crime Agency, the Information Commissioner's Office and various private-sector bodies".

As a result, it will no doubt put the security services in de facto charge of the internet, while also damaging co-operation between government agencies and the private sector, which runs most of the internet infrastructure in the UK and across Europe.

"Centralisation will not just damage the separation of powers essential in any democracy, but will also harm operational effectiveness. Most of our critical infrastructure is in the hands of foreign companies, from O2 through EDF to Google; moving cyber security co-operation from the current loose association of private-public partnerships to a centralised, classified system will make it harder for most of them to play," he added.

6 - Arms dealers turn to cyber security

Arms vendors are moving into the cyber security sector in response to a decline in sales of their traditional weapons, according to the Stockholm International Peace Research Institute.

It is the first time that annual arms sales have fallen since 1994. According to the Institute, the 100 largest arms-makers' revenues fell by five per cent in 2011 and, in response, many are moving into cyber security as this is an area of security spending that has not yet come under pressure from government austerity measures.

"Companies such as Raytheon, BAE Systems and EADS Cassidian are seeking alternative revenue channels from the civilian sector while maintaining ties to military spending in this market. These companies' cyber security activities are focused on data and network protection software and services; testing and simulation services; training and consulting services; and operational support," claimed the Institute.

These cyber security services are also in demand worldwide among governments of all types, with demand stimulated by recently uncovered threats. The Stuxnet attack on Iran's uranium enrichment facilities, together with the Flame espionage campaign discovered in Iran, showed how national infrastructure can be targeted by determined attackers; Stuxnet in particular demonstrated that an air gap is no guarantee of safety, since it reached systems that were not internet-connected.

