MI5 boss: “astonishing” amount of cyber attacks

Scaremongering, says Cambridge security researcher.
  • Liam Tung (CSO Online (Australia))
  • — 27 June, 2012 11:36

MI5 Director General Jonathan Evans says there is an “astonishing” level of aggressive internet vulnerability exploitation by both state-sponsored and organised cybercrime groups.

Speaking in London on Monday at the Lord Mayor’s defence and security lecture ahead of the London Olympics, Evans said both attack groups put the nation’s secrets, infrastructure and intellectual property at risk of serious damage.

Cyber security stood alongside terrorism and ‘hostile intelligence as a primary concern for the agency that was clouded by “uncertainties we can be certain about” and “those things we remain uncertain about”, said Evans in a nod to Donald Rumsfeld’s famous quote.

One thing Evans was certain about was the real financial threat to business from “hostile state” cyber attacks, pointing to a case where he claimed an unnamed London listed company that MI5 worked with, following such an attack, suffered £800m in losses.

The massive losses were incurred through IP theft and a weakened bargaining position during contractual negotiations, he said.

While he did not urge companies to necessarily invest in security measures, he recommended the boards of all companies “consider the vulnerability of their own company to these risks as part of their normal corporate governance” and that they demand their advisors and suppliers do the same.

Cambridge University security researcher Ross Anderson told CSO.com.au Evans’ speech was “the same old scaremongering”, accusing the UK Cabinet Office of peddling in a report that estimated the cost of cybercrime in the UK at £27 billion a year.

Anderson contended the UK would achieve better results by spending more on law enforcement and less on anticipatory security such as antivirus.

Cyber security has also become a more vital source of funding for the UK’s “Single Intelligence Accounts”, which include MI5, MI6 and its signals intelligence agency, GCHQ, which in 2010 scored the bulk of the UK’s £650m four year budget to tackle cybercrime, according to a 2011 analysis by The Register.

MI5‘s Evans warned the risk of “real world damage” would increase as more offline networks connected to the internet, referring to the ‘internet of things’. While established terrorist groups had not posted a major ‘cyber’ threat to critical infrastructure, he expected them to become versed in how to do it in the future.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

NetIQ PCI DSS Compliance Suite

The pressure to satisfy compliance requirements can be overwhelming.

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »