Infosec 2015: Power, money and propaganda are main aims of cyberattacks, says GCHQ chief

GCHQ's cyber security chief warned that the nation's businesses are at risk of being attacked by criminals and terrorists whose main motivations are money, power and propaganda.

Giving a keynote speech at the Infosec conference held in London this week, the intelligence agency's Director General for Cyber Security, Ciaran Martin, said that organisations should take their lead from GCHQ and render them as "irrelevant as possible".

He said that in the last 10 years, the security industry has moved from talking about "what might happen" to what is now happening on a daily basis". He told delegates that it had fallen to the agency to be the UK's "top scarer". He explained that the three main motives in cyber-attacks were money, power and propaganda - particularly as intellectual property and corporate reputation gain increasing importance to organisations.

"We're genuinely surprised at the variety of UK organisations that can been subject to intrusion," he said. He urged firms to think about what would make them "attractive as a target" to criminals as a good way of approaching IT security.

Martin said that organisations faced too many incidents to be concerned about "stopping attacks everywhere" and now the main aim in IT security was to protect "what you care about most".

But the UK market, despite increased awareness of attacks, displayed a "relative immaturity of norms and practices", even in supposedly secure institutions, said Martin. He hoped that new GCHQ standards would prevent the sorts of attacks that wiped bank drives in Asia and affected a Saudi Arabian oil firm in 2012.

Martin distanced his agency from the controversial allegations that it conducted mass surveillance of British citizens and said that GCHQ's powers were "strictly circumscribed" and "needed clear justifications as laid down by parliament".

When questioned on the upcoming Investigatory Powers Bill, or 'Snooper's Charter', that the government plans to enact, Martin refused to give an answer but added that the agency's roles only worked "because we have an intelligence capability".

"If we want to protect the UK from the darkest reaches of cyberspace, we have to know how it all works."

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.