As anyone who’s read the headlines in recent weeks will know, cyber attacks present a growing threat to businesses and IT infrastructures of all sizes. It’s a menace that’s increasing and evolving on an almost daily basis with the number of cyber-attacks on businesses and government growing at a seemingly exponential rate.
It’s now obvious that this is no longer the preserve of a few troubled or anarchistic individuals, but a sustained, organised and sophisticated attack from criminals, states and other organisations designed to wage war on business and on governments. Their targets are financial institutions, corporations and state organisations.
They are stealing money, but far more importantly, they’re also appropriating ideas, blueprints, plans and strategies. As we all know IP is the lifeblood of any business, the future of their operations and this is the kernel of information that the hackers are after.
According to William Hague, UK Foreign Secretary there has been an “alarming” rise in the levels of cyber crime. “There are a rapidly multiplying set of challenges in cyberspace on government and institutions,” he says.
Cybercrime has been estimated to cost the global economy $1trillion a year – almost 1.75% of global GDP. No doubt Britain’s industry is attracting attack because of its intellectual property. We are a nation based on ideas and organisations have billions of pounds worth of them stored away on their systems. But unlike our financial reserves, they are not sitting in vaults or under armed guard, so we need to take action in order to protect them.
So how can companies protect themselves from cyber-attack?
The current security landscape is facing a perfect storm of cyber threats with an ever-increasing number of Internet enabled devices, governance and compliance models failing to provide true security, a sophisticated and evolving threat from cyber-criminals and finally, high IT complexity.
It’s clear from the number of high profile breaches that we’re seeing day in day out that the traditional approach to security is failing to keep these rapidly evolving and increasingly sophisticated threats in check. So a new, trusted framework for data security is needed to protect organisations of all types, both now and in the future.
It has taken us almost 15 years to admit to the truth, but it’s clear that layered security isn’t that solution, as it simply does not provide adequate enough protection for industry..
A crucial starting point for any security solution is to have a strong foundation of trust in all endpoint devices. That starts by knowing that the PC has not been changed by a third party and extends to verifying the identity of the device itself. I believe that organisations should seriously consider adding device identity as an independently managed layer to help protect their data.
This device-based security solution offers unmatched protection, particularly for modern day organisations where workforces and their devices are mobile and move beyond the safety of the firewall. It will also play a key role as organisations continue to move towards the Cloud and prepare to face the unique security challenges that this evolution in IT infrastructure will present.
The Trusted Platform Module, a security chip attached to a computer’s motherboard, can provide this solution. It establishes automatic and transparent authentication of known network devices and users; and, because the TPM chip is physically part of the device, it’s uniquely suited for creating and verifying strong device identities and ensuring only authorised access to networks.
But this type of in-device security isn’t something for the future, it’s already here. About half a billion business grade PCs and laptops are already equipped with the technology and so the chances are your organisation already has the foundations to put these solutions into place. It’s perhaps no wonder then that the framework is being championed by major organisations, enterprises and governments across the globe
Up until now many organisations have accepted data breach and any subsequent financial loss as a ‘cost-of-business’. As a result they’ve been reluctant to explore and adopt a new security standard. However the landscape is changing. The level of threat organisations are experiencing has risen sharply over the past two years and the costs in terms of financial theft, but more importantly IP theft, are becoming unsustainable.
It’s only a matter of time before action is taken and very soon, governments too will be demanding a compliance solution that is true and proven. In fact, the EU is already looking at data regulation and compliance, and is expected to issue much more focused legislation.
The Trusted Computing open standards already have the support of the UK and US governments. Indeed, the information Commissioners Office and the Cabinet Office are actively promoting the benefits of Trusted Computing; so perhaps it’s time you did too.