BSkyB's head of cybersecurity believes enterprises must work together when facing cybercriminals. To this end, the firm is now sharing information with its rivals.
The Internet service provider and broadcasting firm fell foul of the Syrian Electronic Army (SEA) last week. Sky News apps were compromised and the control of Sky's help team Twitter account was also temporarily stolen before the situation was resolved.
BSkyB is simply the latest in a long line of enterprise businesses, rights groups and media outlets which have been targeted by the SEA. This year, news outlets The Guardian and Associated Press have been targeted, and the grassroots Syrian hackers have also previously taken umbrage with CBS, The Onion and Reuters.
A member of the SEA's "Special Operations Division" has said that the group "generally targets the most malicious media, especially those who refuse to cover both sides of the war," according to Vice.
Not only have SEA attacks resulted in financial market spikes due to false tweets sent by media outlets, but confusion reigned when an AP tweet declared President Obama had been attacked. The SEA has pledged to target more enterprise firms in the future, despite web hosts severing ties with the pro-Syria collective.
As such threats are unlikely to cease any time soon, the head of cybersecurity at BSkyB, Phillip Davies, believes it is high time firms took matters into their own hands. As reported by ComputerWorld, Davies wants to see corporations working together to combat both hacktivist and state-sponsored attacks which can result in service outages, data and IP theft, as well as the battering of a company's reputation.
In relation to the BSkyB cyberattack, Davies said that, "Our biggest problem was in communication, and actually getting hold of [those targeted]. They weren’t corporate Twitter accounts, they were individual Twitter accounts, and our biggest problem was getting hold of the people concerned and communicating in a safe and quick way."
BSkyB found that organized cybercriminals, insiders, hacktivists and cybercriminals with a nation-state origin are the top security threats to its business. In light of this, the company is working with other firms to try and both understand and respond to the issue. The cybersecurity chief commented:
"We are collaborating with others to understand what the hactivism threats might look like, because that is a growing area. There is often a discussion that hactivism doesn't necessarily equal an advanced persistent threat, but actually those lines are often blurred. It is about understanding the whole environment, and understanding what threats might be coming our way."
Although difficult to sell to the board at times, the Internet service provider and broadcasting firm is working with peers and competitors; sharing information and modifying its own security infrastructure based on the collaborative effort. As competitors including ITN are "likely to be hit with the same risks that we are," cross-industry work is important if companies as a whole are going to be able to fend off future cyberattacks.
"We want to take that information away and look at what we have got from the police, security services and so on and pull all of that information together," Davis told the publication. "That is where we are working towards at the moment -- we want to be able to better predict the threats that we face looking beyond our network."
In May, former senior officials in the Obama Administration recommended that businesses be spared from prosecution and be given the permission required to 'hack back' at attacking forces. Dennis Blair and Jon Huntsman Jr., leaders of the private Commission on the Theft of American Intellectual Property, said that if less forceful measures to stop cyberattacks and the theft of intellectual property fail, then companies should be able to protect their systems on their own terms.