UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks

Uploaded on 2017-06-06 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

GCHQ has demanded that directors start taking charge of cyber security, warning that they are “devolving responsibility” for protecting businesses from hackers.

Ciaran Martin, the head of the agency’s National Cyber Security Centre (NCSC), said it is unacceptable for boards to plead ignorance about the threat from cyber-attacks.

It comes after this month’s debilitating “WannaCry” ransomware outbreak, which caused chaos in the NHS and brought operations at factories and train stations to a halt.

“Our business leaders need to stop saying that cyber security is too complicated, and stop devolving responsibility,” Mr Martin said at The Telegraph Cyber Security Conference in London recently.

“Boards must start to treat cyber threats with the same level of critical importance as they do financial or legal issues. It needs to be unthinkable that a board member would say that cyber issues are too complex for them to make judgements about.”

The NCSC was set up last year to help businesses and public organisations counter hackers, and faced its first major test two weeks ago when the ransomware outbreak infected hundreds of thousands of Windows PCs. Security experts have linked the attack to North Korea, although Pyongyang has denied any involvement.

As well as forcing the NHS to cancel operations and shut some services, production at Renault and Nissan factories was stopped, computer systems at O2’s owner Telefonica were hit and FedEx’s logistics operations were affected.

Mr Martin said the NSC’s investigation into who was responsible were ongoing and warned businesses to “expect further significant incidents”. Security analysts have criticised large companies for a lack of boardroom responsibility for IT safeguards, claiming this makes the type of attacks that have hit TalkTalk and Tesco Bank more likely.

Many corporate computer systems continue to run outdated software without the latest security updates, making them vulnerable to hackers.

Telegraph

You Might Also Read:

Ignoring Software Updates…:

Mandatory Requirement on Business To Disclose Cyber Attacks:

Directors Report: Cyber Security Checklist For Management (£):

4 Signs a Board thinks Security is Better than it Is (£):

Special Report: CEOs And IT Innovation (£):

 

« Fake Microsoft Tech-Support Using WannaCry
Disney Says Film Hack Threat Was A Hoax »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Tendo Solutions

Tendo Solutions

Tendo Solutions provides intelligence, security, forensics and risk solutions to clients across different sectors and jurisdictions.

Cyber Security Network

Cyber Security Network

Cyber Security Network provide specialist cyber security recruitment services.

ManTech International

ManTech International

ManTech provides comprehensive, integrated cyber security support, which includes computer and network design, implementation, and operations.

Sepior

Sepior

Our vision is to make Sepior the leading provider of cloud-encryption software in the world.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Qatar Computing Research Institute (QCRI)

Qatar Computing Research Institute (QCRI)

QCRI perform cutting-edge research in such areas as Arabic language technologies, social computing, data analytics, distributed systems, cyber security and computational science and engineering.

Learning Tree International

Learning Tree International

Learning Tree's comprehensive cyber security training curriculum includes specialised IT security training and general cyber security courses for all levels of your organisation including the C-suite.

Neupart

Neupart

Neupart provides Information Security Management System, Secure ISMS, allowing organisations to automate IT Governance, Risk and Compliance management.

RATEL (SRB-CERT)

RATEL (SRB-CERT)

RATEL has been appointed as the National Center for the Prevention of Security Risks in ICT systems of the Republic of Serbia (SRB-CERT).

C3.ai

C3.ai

The C3 AI Suite supports configurable, pre-built, high value AI applications for predictive maintenance, fraud detection, anti-money laundering, sensor network health and more.

Lionfish Cyber Security

Lionfish Cyber Security

Lionfish Cyber Evolution & Empowerment Model™ empowers SMBs to prepare and protect themselves against cyber threats using a unique combination of on-demand training, support and managed services.

North American International Cyber Summit

North American International Cyber Summit

The North American International Cyber Summit brings together experts from around the globe to provide timely content and address a variety of cybersecurity issues impacting the world.

KSOC Labs

KSOC Labs

KSOC is an event-driven SaaS platform built to automatically remediate Kubernetes security risks.

HiSolutions

HiSolutions

HiSolutions is a renowned consulting firms for IT governance, risk & compliance in Germany, combining highly specialized know-how in the field with profound process competence.

SPIE Switzerland

SPIE Switzerland

SPIE Switzerland AG, a subsidiary of the SPIE Group, is a Swiss full-service provider of ICT, multi-technical and integral facility services.

RIoT Secure

RIoT Secure

RIoT Secure AB is a technology enabler within the IoT industry - created with a vision to ensure security technology exists in the foundations of software development for IoT solutions.