By Dr. Guy Bunker @guybunker
This week’s announcement by Europol's European Cybercrime Centre (EC3) that it had signed a Memorandum of Understanding (MOU) with the European Banking Federation (EBF) - which represents 4,500 banks and building societies in the region - to “intensify cooperation between law enforcement and the financial sector”, has significant implications. Just twenty-four hours later the British Bankers' Association (BBA) revealed that 12 government and law enforcement agencies are to use a “pioneering financial crime alert system” to warn banks on the latest threats in cyber-crime and fraud.
This is reminiscent of the sentiment brought to the surface at the Nato Summit, which brought cyber security into global consciousness. Just like Nato’s spearheading of a global unified approach to cyber security is indicative of a global recognition of the real threat imposed, this key collaboration is another step further to creating unified open communications around cyber security best practice policy and key technology innovations and development, as well highlighting potential attacks. The MOU will mean that EC3 and EBF will “exchange expertise, statistics and other strategy information”, including data on the latest cyber threats and new malware and evolving means of payment fraud, a strong step forward towards a global defence against cyber warfare.
The importance for heightened cyber security in organisations that are part of the critical national infrastructure – from banking to business – was further confirmed yesterday by the discovery of the Shellshock virus – a major security flaw that poses a huge potential security threat at every level. It’s thought that 500 million machines could be infected globally (compared to 500,000 with the Heartbleed bug). Shellshock was found in the code of Bash, typically used on non-Windows operating systems – i.e., Mac, Unix and Linux. Servers, home computers, and embedded devices are all vulnerable. All internet users – both consumers and businesses alike - have been warned against using credit cards online. And whilst hackers began to immediately exploit the flaw, posting videos of their exploits online, it is not yet clear if the bug has been exploited for more damaging and widespread purposes. But the seriousness is clear as the US government has rated the cyber risk as 10 out of 10.
As of today, it’s more likely that larger organisations will be directly affected, but we wait for further information. While Cert-UK is reportedly working with partners and industry to ensure that organisations are able to repair systems as soon as possible and the government is working to ensure its own systems are secure, it’s crucial that organisations remain extra vigilant in the protection and management of their critical information for the foreseeable period.