Following news that Chinese spies have reportedly stolen the designs for Australia’s new warplane, Andrew Mabbitt, Security Consultant at MWR InfoSecurity, has given the following comment.
“With the cost of research and development being in the hundreds of billions of pounds and taking numerous years, it’s no wonder that companies and nation states would be interested in launching cyber-attacks to steal intellectual property for a fraction of the price and time.
Free eBook: Modern Retail Security Risk – Get your copy now.
“It is worth noting that despite all of the reporting around the prevalence of cyber attacks, relatively few actual cases get reported. This case was found in the Snowden leaks and is the tip of the iceberg. Attacks are happening to all sizes of business and in most, if not all, industries.
“Protecting the information can be difficult as well, as a highly complex, multi-party project such as the F35 will require a high level of collaboration by a number of different organisations. Compromise of one of those organisations will allow access to whatever information that company has access to and may be used as a foothold to other organisations. For example, the widely reported attack on the retailer Target was believed to have been conducted through a link from a supplier.
“Alternatively, MWR is seeing a heightened amount of end-user targeted attacks such as spear phishing due to their successful nature. These targeted attacks rely more on the susceptibility of the end-user rather than the misconfigured servers.
“Protecting information therefore requires a robust approach that focuses on protecting the key pieces of information through segregation, hardening and aggressive monitoring for potential attacks, even those that might come through links to trusted partners or originating from the computers of users.”
By Andrew Mabbitt, Security Consultant, MWR InfoSecurity
About MWR InfoSecurity
Established in 2003, MWR InfoSecurity is a research-led information security consultancy, with a client list consisting of Dow Jones, NASDAQ, FTSE 100 companies and Government agencies & departments. MWR consults with clients around the world, providing specialist advice and services on all areas of security, from mobile through to supercomputers.
Central to its philosophy is the desire to deliver high quality cyber security consulting services and unsurpassed levels of support to clients. MWR’s focus is working with clients to develop and deliver a full security programme, tailored to meet the needs of each individual organisation.
MWR’s services range across professional and managed services, technical solutions and training covering areas such as security research, incident response, web defense, phishing, mobile and payment security.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.