Government 'frightened' of warning public about cyber threats

'They're frightened of frightening people and affecting the economy,' says Peter Wood, CEO of First Base Technologies

The government doesn't properly warn the public warn about types of cyber threats and their consequences because it fears frightening people and affecting the economy.

That's the view of Peter Wood, CEO of First Base Technologies, an information security consultancy that uses penetration testing and ethical hacking to gauge clients' cyber defences.

Wood also warned that police don't have the resources to inform the public about threats posed by hackers.

"Those I know in law enforcement have their hands full just dealing with the results of criminal activities, they have no resources left to talk about it. You'd hope maybe Whitehall would be thinking about what to do in advance," said Wood, speaking during a Trend Micro security roundtable.

"There's always a balance in government between explaining the risks and highlighting them so people can take appropriate protective action and limiting the commercial growth of the internet because a tremendous proportion of the economy now depends on that," he continued.

Wood indicated that he'd taken part in government panels, but those in power don't want to worry the public by divulging how simple it's becoming for criminals to steal information.

"My small experience to being invited to tables in Whitehall suggests they don't want to scaremonger and unfortunately I think they come down too much on the conservative side - with a small 'c'. They're frightened of frightening people and affecting the economy, I think," he said.

Wood had previously discussed how simple it is for cyber criminals to gain access to information including email addresses, user names and passwords through an "Evil Twin" Wi-Fi network attack.

It allows a hacker to set up a service identifier (SSID) to be the same as a wireless network, be it that in a workplace or in a communal space such as a coffee shop, enabling the hacker to see all activity that takes place on the network.

This allows a hacker to steal private data such as personal details or banking information being entered into a device without the user even being aware they're being hacked.

Despite the danger posed by relatively simple hacks such as Evil Twin, Wood said it's been difficult to warn people about the threats.

"We gave a presentation about this at InfoSec about five years ago and it was very difficult to get traction on it. It seems to take people a long time to understand things," he said.

"I fear, from our perspective, that it's ignorance. Most people I try to talk to about security who aren't security specialists are focused on it being one thing, but it's several things coming together, which is what criminals think like and look for, and good nice people don't think about," he said.