Sir Iain Lobban, GCHQ director, told the BBC that secrets are being stolen on an “industrial scale” with the main purpose being to steal intellectual property for national gain – indicating that foreign governments are the threat actors rather than individual hackers.
He added that it’s not just government and military secrets at risk. "We started a couple of years ago thinking this was going to be very much about the defense sector but really it's any intellectual property that can be harvested."
“Everyone is equally a target, and governments, NGOs and commercial organizations need to recognize that this trend is rapidly becoming the new norm,” said Jarno Limnéll, doctor in military science and director of cyber-security for Stonesoft, in an emailed statement. “Worryingly, however, this path will only lead to a lose-lose scenario. Nations need to pull together to pursue international norms and laws regulating the cyber security domain. In the near future, some Western country is likely to face a catastrophic and deliberate cyber-attack mounted against its critical infrastructure and this will result in include human casualties.”
He also said that 70 attacks per month is likely a low estimate.
“Today’s revelation from MI5 and GCHQ strikes me as an extremely conservative figure,” Limnéll said. “With the cyber battlefield increasingly being established as the new norm, nation-states worldwide are pouring resources into developing a range of defensive, offense and intelligence capabilities.”
Lobban admitted that foreign hackers have been penetrating UK networks for years.
“The ferocious, persistent and relentless determination of hackers today has created a need for organizations to deploy robust, real time defenses on their network, so that they can spot and combat threats as soon as they occur – rather than letting cyber crime run rife on our networks unnoticed,” said Ross Brewer, vice president and managing director for international markets at LogRhythm, in an email to Infosecurity. “This requires a level of visibility and protective monitoring that is simply not adopted widely enough yet.”
He added, “With such controversy around cyber espionage as a national security issue, there must also be great efforts to ensure that governments in particular strike a suitable balance between offensive and defensive policies.”