Attacks On UK Critical Infrastructure Will Double

Uploaded on 2017-12-13 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The UK’s critical infrastructure faces an increase in cyber-attacks of up to 100% over the next two years at the same time as it faces a critical shortage of security analysts, cyber security expert Huntsman Security has warned.

With critical infrastructure systems increasingly connected to the Internet and customers’ homes, the opportunity to compromise them has also grown; with consequences ranging from critical services being held for ransom, to service outages, economic chaos and even disruption, injury or death to citizens.

This year alone has seen high-profile attacks on power plants in the Ukraine and USA, and significant threats to UK and European transport infrastructure. The risk for critical infrastructure businesses is compounded by the upcoming NIS Directive, as companies that fail to meet security standards will face fines in the tens of millions of pounds. 

“With the ISACA predicting a global shortage of two million cyber security jobs by 2019, there simply aren’t enough security analysts in the UK, or even the world, to cope with the growing threat that critical infrastructure faces,” said Peter Woollacott, CEO of Huntsman Security.

“National agencies are already reporting a significant increase in reported attacks, let alone those that pass undetected. 
“As more elements of services move online, so there are many more opportunities for attackers of any size or capability to try their luck. As a result, our critical infrastructure faces a blizzard of attacks of varying sophistication, any one of which could be as damaging as WanaCry or Stuxnet. 

“Even a simple DDoS attack has brought services such as Sweden’s trains to their knees recently. There’s no way to block all of these potential attacks at the walls of an organisation, and security analysts will soon be overwhelmed by the sheer volume they face. If organisations can’t address these challenges, the danger to the public, and the harm to the organisation itself, will be unacceptable.”

Attacks on national infrastructure have been increasing steadily. In the US, reported cyber incidents against critical infrastructure increased by 49% between 2012 and 2015, with a potentially larger number of unreported or unnoticed incidents yet to be discovered.

In the UK, the introduction of the EU Directive on Security of Network and Information Systems NIS Directive in May 2018 will place additional pressure on critical infrastructure organisations. Under NIS, companies could face fines of up to 4% of turnover or £20 million, whichever is greater, if they can’t prove they have taken sufficient steps to “prevent and minimise” the impact of security incidents.  To date energy, transport, health, drinking water supply and distribution and digital infrastructure have been proposed as the industries NIS covers.

Regardless of industry, the greatest challenge to organisations will be the volume and diversity of potential and actual attacks they face. In this environment, it will be critical to be able to identify, triage and respond to potential threats before they have an opportunity to cause damage. 

Ideally these tasks should be automated, so that security teams only need to take action on those attacks which present the highest risk, instead of being distracted by false alarms.

 “The fact that NIS is making organisations think about these dangers is important, but these thoughts have to be matched with the right action,” continued Woollacott. “When connections were entirely physical, it was relatively simple to prevent and stop attacks, in the online world, this is nowhere near enough. 
“Without the ability to automatically triage potential threats and take the appropriate action, whether that’s simply logging the incident, alerting security teams, or quarantining the danger, organisations will find themselves overwhelmed and the odds of being victim to a major attack with serious consequences will increase accordingly. 
“The Internet as a means of communication is here to stay, meaning organisations will ultimately be judged by how they react to it. By accepting that they can’t stop every attack at the walls, critical infrastructure organisations are safeguarding not only themselves, but the UK as a whole.”

Information Age

Britain Bombarded With High Level Cyber Attacks:

Which Countries Are Ready For Cyberwar?:

Some Observations On Britain's New Cyber Security Strategy:

 

« Cisco & INTERPOL: Working Against Cybercrime
10 Things About The Network and Information Security Directive (NIS) »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Chubb

Chubb

Chubb is the world’s largest publicly traded property and casualty insurer. Commercial services include Cyber Risk insurance.

Anomali

Anomali

Anomali delivers intelligence-driven cybersecurity solutions to enhance threat visibility, automate threat processing and detection, and accelerate threat investigation, response, and remediation.

CLUSIF

CLUSIF

Clusif is the reference association for digital security in France. Its mission is to promote the exchange of ideas and feedback through working groups, conferences and publications.

Global Station for Big Data & Cybersecurity (GSB)

Global Station for Big Data & Cybersecurity (GSB)

GSB is an interdisciplinary research hub to cover big data, information networks, and cybersecurity.

ReversingLabs

ReversingLabs

ReversingLabs develops cyber threat detection and mitigation tools that address the the latest directed attacks, advanced persistent threats and polymorphic malware.

Absio

Absio

Absio provides the technology you need to build data security directly into your software by default, and the design and development services you need to make it happen.

Adzuna

Adzuna

Adzuna is a search engine for job ads used by over 10 million visitors per month that aims to list every job everywhere, including thousands of vacancies in Cybersecurity.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

IQ4 - Cybersecurity Workforce Alliance (CWA)

IQ4 - Cybersecurity Workforce Alliance (CWA)

Cybersecurity Workforce Alliance, a division of iQ4, is an organization comprised of a diverse range of professionals dedicated to the development of the cybersecurity workforce.

Aigner Business Solutions

Aigner Business Solutions

Aigner Business Solutions GmbH is a specialist in IT-Security and Data Protection. Concise and focussed.

Tego Cyber

Tego Cyber

Tego Cyber delivers a state-of-the-art threat intelligence platform that helps enterprises deploy the proper resolution to an identified threat before the enterprise is compromised.

Foundries.io

Foundries.io

Foundries.io have built a secure, open source platform for the world's connected devices, and a cloud service to configure this to any hardware and any cloud.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

Qeros

Qeros

Qeros is a next-generation distributed system enables secure data and transaction processing at the velocity of thought.

Anchor Technologies Inc (ATI)

Anchor Technologies Inc (ATI)

Anchor provides a full spectrum of cybersecurity services assisting our clients with all aspects of cybersecurity risk planning, identification, management, and monitoring.

Lightpath

Lightpath

Lightpath is revolutionizing how organizations connect to their digital destinations by combining our next-generation network with our next-generation customer service.