The outbreak of the Stuxnet worm highlights a shift in cyber criminal activity. Traditionally, attacks are dispersed across the internet with a financial motive. Increasingly, they are becoming more specific, targeting particular firms or states in order to obtain data and cause sabotage.
The sophisticated piece of malware has caused fear among governments, businesses and the public
In December 2009, Operation Aurora, a malware designed to extract intellectual property, was targeted at several US-based technology companies. The attack concerned many in the industry as it showed that even giant firms, such as Google and Microsoft, are vulnerable.
The Stuxnet worm has escalated the problem. Perceived as a form of cyber warfare that could be used against a state, the sophisticated piece of malware has caused fear among governments, businesses and the public.
It was deployed in Iran through a single universal serial bus (USB) device, targeting specific Siemens-made components found in critical infrastructure, and modified the codes. It is believed the worm decreased productivity and caused physical sabotage at the Bushehr and Natanz power plants, although Iranian authorities deny this.
Stuxnet was such an advanced attack that even security firms were not prepared for it. The method in which it was deployed demonstrates the risks involved in using such devices. And it is here that the private sector is most vulnerable.
Businesses are increasingly going mobile and taking up cloud computing services, leaving them more open to attack. Sensitive company information is available to access on a variety of different platforms. Without effective encryption on USB devices, smartphones, laptops and other mobile internet devices, such information can be easily accessed by criminals.
Adequate protection is essential, but one of the biggest vulnerabilities facing both the private and public sector is human error. Employee negligence or internal sabotage are impossible to prevent and its effects can be devastating.