Businesses in Britain are under sustained attack from governments and gangs bent on intellectual-property theft and other cybercrime, with one company suffering millions of pounds in losses, the head of MI5 has revealed.
MI5 boss Jonathan Evans has warned that companies in the UK are fending off an 'astonishing' level of cyberattacks. Image credit: Security Service
They are victims of the black cyber-economy, which has a huge pool of resources to draw on for conducting state-sponsored cyber-espionage and cybercrime, MI5 director general Jonathan Evans said in a speech on Monday.
"Vulnerabilities in the internet are being exploited aggressively, not just by criminals but also by states," Evans told an audience at the Mansion House in London. "The extent of what is going on is astonishing — with industrial-scale processes, involving many thousands of people, lying behind both state-sponsored cyber-espionage and organised cybercrime."
MI5 worked with one major London-listed company that estimated it had lost £800m in revenue as a result of a hostile cyberattack from a state, he said. The damage came through intellectual-property loss and commercial disadvantage during contract negotiations.
"They will not be the only corporate victim of these problems," Evans said.
While the MI5 head did not mention particular attacks, companies have been grappling with threats such as Flame, which Kaspersky Labs has described as "a sophisticated cyber-espionage toolkit primarily targeting Windows computers in the Middle East". The US and Israel developed Flame to collect data on the Iranian nuclear programme, so that the countries could develop cyber-sabotage tools, according to the Washington Post.
MI5 is involved in investigations of cyberattacks on more than a dozen major companies, Evans said. The intelligence service is working with GCHQ, government departments and the police to investigate the attempts, via the Centre for the Protection of National Infrastructure (CPNI). Organisations that may be future targets have been identified, according to Evans.
"What is at stake is not just our government secrets but also the safety and security of our infrastructure — the intellectual property that underpins our future prosperity and the commercially sensitive information that is the lifeblood of our companies and corporations," he said.
He pointed out that businesses face risks not only to core systems, but also to foreign subsidiaries and suppliers.
In addition, the risks of cyberattack to the UK are being exacerbated by the 'internet of things', which will see increasing connections made to the internet by objects such as buildings, cash machines and cars, Evans added.
"This increases the potential for mischief and leads to risks of real-world damage as well as information loss," he said. "We are contributing to the international process of ensuring that the appropriate IT security management standards are in place to manage some of these new risks."