A Major UK Cyber Attack Will Happen Soon

Uploaded on 2017-10-19 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

A “category one” cyber-attack, the most serious tier possible, will happen “sometime in the next few years”, a director of the National Cybersecurity Centre has warned.

According to the agency, which reports to GCHQ, and has responsibly, for ensuring the UK’s information security, a category one cybersecurity incident requires a national government response.

In the year since the agency was founded, it has covered 500 incidents, according to Ian Levy, the technical director, as well as 470 category three incidents and 30 category two, including the WannaCry ransomworm that took down IT in multiple NHS trusts and bodies.

But speaking at an event about the next decade of information security, Levy warned that “sometime in the next few years we’re going to have our first category one cyber-incident”. The only way to prevent such a breach, he said, was to change the way businesses and governments think about cybersecurity.

Rather than obsessing about buying the right security products, Levy argued, organisations should instead focus on managing risk: understanding the data they hold, the value it has, and how much damage it could do if it was lost, for instance.

His words at the Symantec event come against the background of a major breach at the US data broker Equifax, which lost more than 130 million Americans’ personal information in a hacking attack in May. The data stolen is extremely sensitive, including names, addresses, social security numbers and dates of birth – all the information needed to steal someone’s identity online.

A further 400,000 British residents were affected by the hack, as well as a number of Canadian residents. The information stolen about them was much less personal in nature, however, consisting only of names, dates of birth, email addresses and telephone numbers.

Striking a dour note, Levy warned that it may take the inevitable category one attack to prompt such changes, since only an attack of that scale would result in an independent investigation or government inquiry.

“Then what will really come out is that it was entirely preventable… It will turn out that the organisation that has been breached didn’t really understand what data they had, what value it had or the impact it could have outside that organisation.”

Levy’s advice to organisations who want to prevent such a catastrophic breach from affecting them is to stop putting their faith in off-the-shelf security solutions, and instead work with employees to uncover what is actually possible.

“Cybersecurity professionals have spent the last 25 years saying people are the weakest link. That’s stupid!” he said, “They cannot possibly be the weakest link – they are the people that create the value at these organisations.

“What that tells me is that the systems we’ve built, as technical systems, are not built for people. Techies build systems for techies, they don’t build technical systems for normal people.”

Guardian:

You Might Also Read: 

GCHQ Unveils Its Cybersecurity Playbook:

UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks:

 

« Facebook's Algorithm And Russian Ads
Firefighters Get AR Powered Glasses »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Athena Forensics

Athena Forensics

Athena Forensics is one of the UK's leading providers of Computer Forensics, Mobile Phone Forensics, Cell Site Analysis and Expert Witness Services.

Netwrix

Netwrix

Netwrix empowers information security and governance professionals to identify and protect sensitive data to reduce the risk of a breach.

Hacker House

Hacker House

Hacker House teaches you what hackers can learn about your business and systems so that preventative solutions to protect your assets can be applied through active measures.

Cyber Security Raad (CSR) - Netherlands

Cyber Security Raad (CSR) - Netherlands

The Cyber Security Council (CSR) is a national, independent advisory body of the Dutch government undertaking efforts at strategic level to bolster cyber security in the Netherlands.

Armis

Armis

Armis offers the markets leading asset intelligence platform designed to address the new threat landscape that connected devices create.

Vdoo

Vdoo

Vdoo provides an end-to-end product security platform for automating all software security tasks throughout the entire product lifecycle.

Council to Secure the Digital Economy (CSDE)

Council to Secure the Digital Economy (CSDE)

CSDE brings together companies from across the ICT sector to combat increasingly sophisticated and emerging cyber threats through collaborative actions.

National Health Care Anti-Fraud Association (NHCAA) - USA

National Health Care Anti-Fraud Association (NHCAA) - USA

National Health Care Anti-Fraud Association is the leading national organization focused exclusively on the fight against health care fraud.

Simply Hired

Simply Hired

Simply Hired is a job search engine that collects job listings from all over the web, including company career pages, job boards and niche job websites.

Raonsecure

Raonsecure

Raonsecure is one of Korea’s leading ICT security software companies – providing a variety of PC and mobile security solutions to financial institutions, government, and enterprise.

Hex-Rays

Hex-Rays

Founded in 2005, privately held, Belgium based, Hex-Rays SA focuses on the development of fast, stable, and robust binary analysis tools for the IT security market.

Alias

Alias

Alias (formerly Alias Forensics) provide penetration testing, vulnerability assessments, incident response and security consulting services.

TPx Communications

TPx Communications

TPx is a leading managed services provider offering a full suite of managed IT, unified communications, network connectivity and security services.

WPScan

WPScan

With WPScan, you'll be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

Coastline Cybersecurity

Coastline Cybersecurity

Coastline Cyber is a cybersecurity consulting firm dedicated to helping organizations strengthen their security posture by reducing risks, mitigating threats, and protecting against attacks.

Amnet Technology Solutions (Amnet Systems)

Amnet Technology Solutions (Amnet Systems)

Amnet Systems is a technology services organization that provides Managed IT, Cloud Computing, Cyber Security, Data Center and Audio Visual services since 1995.