We are sharing info with competitors to combat cyber threats, says BSkyB

BSkyB last week fell victim to a cyber attack from the Syrian Electronic Army

Enterprises need to work collectively with both law enforcement agencies and industry competitors to respond to the rising threat posed by hacktivist groups and state sponsored attacks, according to BSkyB's head of cyber security.

Internet service provider and broadcasting firm BSkyB last week fell victim to a cyber attack from the Syrian Electronic Army, which compromised a number of Sky News apps on Google's Play store before the situation was resolved. The hacktivist group also temporarily gained control of the firm's @SkyHelpTeam Twitter account.

"Our biggest problem was in communication, and actually getting hold of [those targeted by the phishing attack]," explained Phillip Davies, head of cyber and content at BSkyB, speaking at the Info-Crime event in London on Tuesday. "They weren't corporate Twitter accounts, they were individual Twitter accounts, and our biggest problem was getting hold of the people concerned and communicating in a safe and quick way."

The attack came in the wake of a more damaging breach by the Syrian hackers directed at Associated Press, which subsequently caused financial markets to temporarily spike last month after a false tweet was broadcast to millions of followers. The group, one of various hacktivist groups targeting large enterprises, has pledged to conduct more attacks on companies in future.

Davies said that although the financial repercussions of the SEA incident were small, and the impact on its own brand minimal, the threat of targeted cyber attacks is an ongoing challenge for BSkyB, and other large enterprises in the UK.

BSkyB has identified four main security threats to its business, including attacks from organised cyber criminals, insider threats, and those originating from nation states. In addition, hacktivist groups have targeted the company, with Anonymous previously succeeding in stealing data from the company before posting the information on peer-to-peer sharing site PirateBay.

In the face of such threats, Davies said that working with other companies affected by the same problems is key to understanding and responding to the threats posed.

"We are collaborating with others to understand what the hacktivism threats might look like, because that is a growing area," he told Computerworld UK.

"There is often a discussion that hacktivism doesn't necessarily equal an advanced persistent threat, but actually those lines are often blurred. It is about understanding the whole environment, and understanding what threats might be coming our way."

In order to mitigate the risk of breach, BSkyB has been working with other companies which have been targeted.

"We have been working very closely with our peers and our competitors, which has been a difficult selling point to our board at times, but it is important that we share information with our competitors because they are likely to be hit with the same risks that we are.

"That cross-industry working is incredibly important, so when we do have an attack, and last week it was the Syrian Electronic Army, we were working closely with ITN and other broadcasters affected, as well as other ISPs too."

Collaborating on a government level has also been important, and Davies said that one of the benefits of Project Auburn, now the Cyber Security Information Sharing Partnership, was that law enforcement agencies had the opportunity to listen to what businesses have learnt as part of their own experiences.

"There is good cooperation with the government, we work closely with BIS, and we work with law enforcement agencies," he said.

However, there are also challenges in working to combat threats of an international and cross-border nature, which create difficulties for law enforcers across the EU, for example.

"We are looking at trans-national issues, we are looking at stuff that is outside the UK. It is quite challenging for law enforcement agencies to actually work together to deal with these issues, because when you are looking at legislation like the mutual legal assistance treaty (MLAT), it doesn't lend itself to closer working with cyber crime."

Nevertheless, Davies said that the establishment of EU cyber crime agencies has helped share information about cyber threats on a wider scale.

With regard to its own operations, Davies said that the firm is aiming to further improve its collective defences by integrating its own security infrastructure, such as intrusion detection and prevention systems, with the data provided by other external sources.

"We want to take that information away and look at what we have got from the police, security services and so on and pull all of that information together."

He added: "That is where we are working towards at the moment - we want to be able to better predict the threats that we face looking beyond our network."


Stories by Matthew Finnegan
