At a press conference in the heart of Silicon Valley, five men in suits posed for a photo that shed unprecedented light on the world's most powerful intelligence agency. partnership in the world.
These men belonged to the Five Eyes spy alliance, each representing the intelligence services of Great Britain, Australia, Canada, New Zealand and the United States. They had never appeared together in public before.
Their smiles for the camera contrasted with the grim warning issued by one of the group members, the head of British MI5 Ken McCallum.
He warned, that the UK has seen a sharp increase in aggressive attempts by foreign countries to steal the country's high-tech secrets. The biggest threat of all: China.
McCallum says more than 20,000 people in the UK have been contacted online by Chinese agents in espionage activities of «epic proportions». » />Five Eyes spy alliance, left to right: Mike Burgess from Australia; Canadian David Vigneault, FBI Director Christopher Wray; Andrew Hampton from New Zealand; and MI5 Director General Ken McCallum Photo: Promotional material
One alleged Chinese spy created fake LinkedIn profiles to contact thousands of British officials, offering them cash, trips to China and paid speaking engagements as ways to reveal state secrets.
Reports of China's secret spy ring in Britain will follow weighing on the minds of City executives as corporations bolster their offices with expensive cyber defenses to protect their data from being stolen by ransomware gangs.
Although some UK companies are now spending millions of pounds on cyber insurance, many remain uninsured.< /p>
UK SMEs are the most vulnerable, according to Jamie McCall, cyber research fellow at the defense think tank. Royal United Services Institute
“Many organizations simply don't see this as an important risk, especially smaller companies. They might think, you know, a cyber attack is something that happens to someone else, or it only happens to large corporations,” he says.
The lack of insurance coverage can be partly blamed on insurance fees.
Ten years ago, cyber insurance was cheap and easy to buy. Insurers have cut prices to stimulate demand in the nascent market.
«Naive insurers entered the cyber insurance market without much cybersecurity experience, writing policies with very high limits and no security requirements. to get a policy. They all went up in flames when the ransomware problem happened,” says McCall.
A rise in Russian-backed cyber hackers demanding multimillion-dollar ransoms from city firms has left insurers facing mounting losses. Some insurers have been forced to exit the cyber risk market entirely.
Profit-seeking insurers have raised prices and made it harder to qualify for protection as many companies fail to meet higher minimum security requirements.
< img src ="/wp-content/uploads/2024/01/c8f1b9082ea44ff710eca6a577b61008.jpg" />Last year, Lloyd's of London began excluding disruptive government-sponsored cyberattacks from its policies. Photo: SOPA Images/LightRocket
Although costs have fallen since then as more cyber insurers re-entered the market last year, how much the policy will actually extend is also hotly debated.
When cyber spies steal trade secrets, the answer is usually simple.
While insurance often covers the costs of subsequent investigation and compliance following a cyberattack, loss of intellectual property and confidential information is typically not covered.
Insurers can easily determine the value of financial losses based on company information. Day-to-day operations are disrupted, but trade secrets are not.
“They are difficult to value. That doesn't mean there's no damage, but it's more difficult for insurers to quantify, says Josephine Wolfe, associate professor of cybersecurity policy at Tufts University in the US.
More complicated is the question of who pays the insurance company bills. in the event of a catastrophic cyber attack.
Lloyd's of London, the world's largest and oldest global insurance market, last year began excluding disruptive «state-sponsored» cyber attacks from its standard insurance policies.
The new rule prohibited insurers from selling protection against government attacks. sponsored cyber attacks that are so severe that they have a «significant impact» on a country's ability to function.
It sought to protect insurers from the enormous costs of systemic cyber warfare by updating war exclusions first introduced to protect previously engaged risk managers from costs to replace sunken battleships during the Spanish Civil War.
“ Think of the digital equivalent of a nuclear strike. A remote possibility like a nuclear strike is not something insurers can cover as standard,” James Burns, head of cyber strategy at insurer CFC Underwriting, wrote on LinkedIn.
The changes came after how Western powers blamed Russia for the 2017 NotPetya hack, one of the most devastating cyberattacks in history that took down the computer systems of companies in more than 60 countries.
After a lengthy legal battle, insurers were left on the hook for -for billions of dollars in insurance claims.
However, it is unclear how cyber exceptions will work in practice.
“We haven't seen them in many big tests yet. We haven't seen many attacks where insurers have rejected large claims and people have gone to court to find out what it all really means,” Wolf says.
This uncertainty will add to companies' concerns about reports that Chinese spies are hiding in their systems, laying the groundwork for future cyber warfare.
Potential danger Undetected spies were exposed last year after the Chinese hacking group Volt Typhoon was caught hacking into a US communications system at a key military outpost in the Pacific.
Cyber attackers from China have been hiding in the island's IT system since 2021 through a «stealth and targeted» hacking campaign.
Microsoft security researchers said with «moderate confidence» that the stealthy attack explored ways to disrupt critical communications infrastructure between the United States and Asia in future crises.
The discovery raised fears that Beijing would try to cut off U.S. military channels during invasion of Taiwan, a longtime US ally located less than 2,000 miles from the outpost.
This sparked worldwide alarm from Five Eyes, with the UK's cyber security agency later calling on critical national infrastructure operators to «take action to prevent attackers from hiding on their systems.»
Rafe Pilling, director of threat intelligence at Five Eyes US cybersecurity company Secureworks states: “You can't just push a button and launch a cyber attack like you would a missile. All access must be secured up front,” he says.
Renewed concerns about Chinese espionage will serve as a reminder that while insurers are meant to take risks, there is a limit to how much they can protect. proposal.
“Companies can't just think that insurance will be a panacea. They have to do everything themselves,” says Jonathan Kewley, partner and co-chair of the global technology group at law firm Magic Circle Clifford Chance.
The smiles at the Silicon Valley press conference suggest the alliance is working furiously. to protect Western infrastructure from attacks too destructive to insure against.
Свежие комментарии