Feeds

Experts: Firms need to come clean about cyber attacks

Dutch counter-terrorism head says gov was last to know on DigiNotar hack

Protecting users from Firesheep and other Sidejacking attacks with SSL

LCC Businesses need to ‘fess up when they’ve been the victims of cyber attacks, experts at the London Conference on Cyberspace (LCC) said today.

Government and biz bosses said that even though companies didn’t really want to own up to having been breached, they needed to start sharing information with officials to protect critical infrastructures.

Erik Akerboom, president of the Cyber Security Council in the Netherlands, said that his government needed to know about the DigiNotar hack when it happened, not later on.

“We needed information at the time that DigiNotar was hacked; it was hacked in June but we didn’t find out then,” he said.

Digital certificate firm DigiNotar was hacked in June this year and forged Google.com SSL credentials were then used to spy on 300,000 Iranian internet users. The incident was notorious over the summer when it was discovered that the firm’s security was wholly inadequate, and because it took so long for the company to come clean.

DigiNotar only started to revoke certificates in mid-July, and didn’t go public with the security issue until August. The company subsequently filed for bankruptcy, having lost all the trust its business relied upon.

Akerboom said that the Netherlands was considering making it compulsory for firms to inform the government when their networks were attacked, but the government would then keep the information confidential to protect the companies' business.

Matthew Kirk, group external affairs director at Vodafone, said it would be tough to make businesses disclose attacks without a better trust relationship between companies and governments.

“Our instinct as a company is much more self-regulation rather than compulsory on almost everything. But I think there’s a critical role for government, which is not so much compulsion but creating... trust,” he said.

“I think it needs to be done in an atmosphere where it’s actually in the companies’ interest to disclose,” he added.

Harry van Dorenmalen, chairman of IBM Europe and also a member of the National Security Council in the Netherlands, was more forceful about what should be expected of the private sector.

“I think the private sector in general needs to step up much more than they do,” he said, adding that if businesses found it difficult to go to the government individually, they should consider presenting issues to the government through business groups.

“That’s an appeal to the private sector to step up, be vocal and be connected,” he said. ®

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.