Take the war to enemy’s doorsteps

1543

Companies should take an offensive approach to combating cyber attacks, as the landscape in information warfare has changed over the past 10 years.

This is according to Centre for Information Security executive director Beza Belayneh, who gave a presentation entitled “Information warfare: clear and present danger to the business”, at ITWeb’s Security Summit, in Midrand, yesterday.

“The traditional views on information security have changed. The best way for companies to defend themselves is to destroy, deny and disrupt their enemies before it is done to them.”

The root of information warfare lies in business competition, where information could give one company an advantage over another, noted Belayneh. This makes information that is vital to a firm’s success the target of cyber attacks.
“Businesses should be interested in cyber criminals because cyber criminals are interested in business. Every conceivable business out there is now a target for cyber attacks.”

One of the main points of entry into companies’ information security systems is their own workforce. “As soon as we close the door on cyber attackers, they are coming in through the employee backdoor,” he said.

Belayneh says information warfare can be used to find the weaknesses in a company’s information security strategy as it uses unconventional means to attack. The three-week wave of cyber attacks on Estonia in 2007, and similar events, made the issue of information warfare more prevalent.

The cyber attacks were targeted at the websites of Estonian organisations, including the Estonian Parliament, banks, ministries, newspapers and broadcasters.



Media reports state the attacks ranged from distributed denial-of-service attacks, to using botnets for the purpose of mass spam distribution. A disgruntled ethnic Russian in Estonia was found to be the culprit for the attacks.
“The world should realise cyber attacks are on the rise and cyber criminals are becoming more and more sophisticated. These days anyone can use a Web site to attack another Web site.”