Why DDoS Attacks Are 'No Big Deal'Consultant: Regulatory, Reputational Pressures Loom Larger
Child, an information security specialist, presents himself as a bit of a maverick, and he is quick to dismiss the DDoS attacks that have threatened U.S. and EU institutions since the fall of 2012.
"DDoS attacks have been around since time immemorial," says Child, founding partner of Kingston Smith Consulting, which provides security and risk services to scores of clients, including banks. "There may be different variants and themes, but my personal opinion is: Guys, if you're being subject to DDoS attacks, and they're actually circumventing and accessing your systems, you've got more to worry about than DDoS attacks."
Child accepts that the recent attacks have been stronger than those seen in the past, but he still believes that current security controls and automation should be sufficient to prevent DDoS-related outages.A bigger concern, he adds, is whether DDoS is being used by attackers to distract security personnel, so fraud can be perpetrated behind the scenes.
"Quite often, these are just masked attacks to service another purpose," Child says.
In an interview conducted at the Infosecurity Europe event, Child discusses:
- His role as a security consultant;
- Top regulatory and security concerns;
- Why he believes DDoS is old news.
Child is a founding partner of Kingston Smith Consulting, an association of independent accountancy firms with more than 100 offices in 50 countries. He leads the London-based firm's technology risk management practice line. Previously, he was EMEA director at the consulting firm Jefferson Wells and prior to that, global director of information technology audit at Aviva. The senior IT auditor and information security risk professional has developed and directed international audit and risk functions in a range of sectors, including financial services, retail and manufacturing. He is a specialist in risk management, data privacy, internal audit and quality management and has managed the successful implementation of global projects and business initiatives.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.