E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: ComputerWeekly.com

Posted on June 13, 2011

The security breach at the International Monetary Fund underlines the need for legislation on cyber security, says a privacy, data protection and data security lawyer.

It emerged at the weekend that the International Monetary Fund (IMF), which holds sensitive economic data about many countries, was targeted by a sophisticated cyber attack earlier this year.

Cyber security officials said the hack, which took place over several months, was designed to instal software to create a digital insider presence at the IMF, according to the BBC.

IMF staff were notified of the attack in an e-mail last week. The e-mail from IMF management said suspicious file transfers had been detected, and that an investigation had shown that a desktop computer had been compromised and used to access IMF systems.

David Beesley, managing director of consultancy Network Defence, says spear phishing is difficult to defend against because it primarily targets users not PCs, and the information that attackers can gather from social networking sites makes the phishing e-mails look very convincing.

"Really, firms need to use a mix of user education and layered security solutions to defend themselves. Employees should be aware that even plausible-looking e-mails should be treated with suspicion, and IT teams should look at their AV and anti-spam solutions to try and stop malware propagating. Using Web proxies can stop executables and exploit code from reaching desktops, and intrusion detection systems can help spot unusual data traffic movements," David Beesley said.

The internal IMF memo said there was no reason to believe personal information was sought for fraud purposes. However, the IMF has declined to comment officially on the extent or aims of the attack, saying only the organisation remains fully functional.

News of the attack on the IMF has raised fresh concerns that similar cyber attacks could be directed at critical national infrastructure (CNI) organisations with potentially life-threatening consequences.

News of the IMF attack is troubling, providing yet further evident of systematic attacks on critical infrastructures and systems, says Stewart Room, partner at London law firm Field Fisher Waterhouse.

"How long will these attacks be tolerated before politicians react to pass general legislation for cyber security?" Stewart Room asked in a blog post.

According to Room, legislation is desperately needed. The first priority is to protect CNI, he says, but because there is no clear way to determine what is CNI, it would be more appropriate to introduce legislation that contains a general obligation for security.

This would mean that, where a person or organisation is in control of data and/or computer and communications systems, they should be responsible for assuring resilience to prevent harm to national interests, society, the economy or individuals.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.