Last week, the Bank of England warned that the perceived risk of cyber attack on financial institutions had risen sharply, noting in its Financial Stability report that “while losses [to cyber attack] have been small relative to UK banks’ operational risk capital requirements, they have revealed vulnerabilities.” The report also warned that if these vulnerabilities were exploited, the cost would be significant.
These warnings follow a year in which fighters allied to Al-Qassam have carried out denial of service attacks against many US-based financial institutions and during which an attack on Spamhaus peaked at over 300 Gbps of traffic. Although most of these attacks were aimed at financial organisations, what is to stop them targeting others or even infrastructure next?
Organisations should be surprised that the internet works so well, rather than be surprised when it fails. This is only an issue because it has become normal to think of the internet as a utility such as power or telecommunications, where a service is paid for with contractually agreed service levels. Out of sight, the internet is cobbled together from a whole series of insecure, sometimes outdated technologies, lashed together with the sweat and tears of dedicated network engineers.
The internet is also dependent on numerous other factors which cannot be controlled by end users. For example, reliable power and access to cooling are needed, and a global network of cables needs to be protected from being cut by construction machinery or damaged by fishing trawler nets. Then of course, there are risks caused by those acting maliciously, which has happened in the past – and with greater attention being paid by the military to cyber attack, may well happen in the future.
It represents a leap of faith for so many organisations to bet their business model on the internet, which is managed with so few formal controls. The complexity of the internet is growing exponentially while the skills and capability to manage the systems are growing (at best) in a linear fashion. I believe that we will see substantial disruption to organisations, and entire businesses failing through not appreciating that relying on the internet means relying on third-party services for which there are no contracts and not even a clear owner.
Organisations should celebrate the miracle that is the internet proving to be so robust for so long and press ahead with business as usual, but having contingency plans in place to survive a sustained loss of internet access is probably wise – from maintaining access to business-critical information to interacting with customers and having appropriate insurance to cover losses. The internet is incredible, but this shouldn’t blind us to the fact that it isn’t a traditional utility and its prolonged failure is a business risk.
Stephen Bonner is head of information protection and business resilience at KPMG LLP