UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks

Uploaded on 2017-06-06 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

GCHQ has demanded that directors start taking charge of cyber security, warning that they are “devolving responsibility” for protecting businesses from hackers.

Ciaran Martin, the head of the agency’s National Cyber Security Centre (NCSC), said it is unacceptable for boards to plead ignorance about the threat from cyber-attacks.

It comes after this month’s debilitating “WannaCry” ransomware outbreak, which caused chaos in the NHS and brought operations at factories and train stations to a halt.

“Our business leaders need to stop saying that cyber security is too complicated, and stop devolving responsibility,” Mr Martin said at The Telegraph Cyber Security Conference in London recently.

“Boards must start to treat cyber threats with the same level of critical importance as they do financial or legal issues. It needs to be unthinkable that a board member would say that cyber issues are too complex for them to make judgements about.”

The NCSC was set up last year to help businesses and public organisations counter hackers, and faced its first major test two weeks ago when the ransomware outbreak infected hundreds of thousands of Windows PCs. Security experts have linked the attack to North Korea, although Pyongyang has denied any involvement.

As well as forcing the NHS to cancel operations and shut some services, production at Renault and Nissan factories was stopped, computer systems at O2’s owner Telefonica were hit and FedEx’s logistics operations were affected.

Mr Martin said the NSC’s investigation into who was responsible were ongoing and warned businesses to “expect further significant incidents”. Security analysts have criticised large companies for a lack of boardroom responsibility for IT safeguards, claiming this makes the type of attacks that have hit TalkTalk and Tesco Bank more likely.

Many corporate computer systems continue to run outdated software without the latest security updates, making them vulnerable to hackers.

Telegraph

You Might Also Read:

Ignoring Software Updates…:

Mandatory Requirement on Business To Disclose Cyber Attacks:

Directors Report: Cyber Security Checklist For Management (£):

4 Signs a Board thinks Security is Better than it Is (£):

Special Report: CEOs And IT Innovation (£):

 

« Fake Microsoft Tech-Support Using WannaCry
Disney Says Film Hack Threat Was A Hoax »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

CloudInsure

CloudInsure

CloudInsure is a Cloud Insurance platform designed to specifically address emerging liabilities within the Cloud environment.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

Xcina Consulting (XCL)

Xcina Consulting (XCL)

Xcina Consulting provides high quality business and technology risk assurance and advisory services.

ISARA Corp

ISARA Corp

ISARA Corporation is a security solutions company specializing in creating class-defining quantum-safe cryptography for today's computing ecosystems.

HoxHunt

HoxHunt

HoxHunt is an automated cyber training program that transforms the way your employees react and respond to the growing amount of phishing emails.

Featurespace

Featurespace

Featurespace is a world-leader in Adaptive Behavioural Analytics and creator of the ARIC platform for fraud and risk management.

GlobalPlatform

GlobalPlatform

GlobalPlatform’s specifications are highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.

Greylock Partners

Greylock Partners

Greylock Partners is a leading venture capital firm based in Silicon Valley. We invest in all sectors of enterprise software technology including applications, cloud/SaaS, networking and security.

HackHunter

HackHunter

HackHunter’s passive sensor network continuously monitors, detects and alerts when a malicious WiFi network and/or hacking behaviour is identified.

CounterFind

CounterFind

CounterFind is turnkey technology that allows brands to find and remove counterfeit and infringing merchandise from online marketplaces and social media sites.

drie

drie

drie is an end-to-end cloud services company based in Bahrain, Dubai and London. We enable businesses to adopt, scale on and build for cloud.

Open Source Security Foundation (OpenSSF)

Open Source Security Foundation (OpenSSF)

OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

Brightworks Group

Brightworks Group

BrightWorks Group offer comprehensive technology operations and security operations consulting services, tailored to meet your specific needs.

Cyabra

Cyabra

Cyabra is leading the fight against disinformation. Our AI shields companies and the public sector by uncovering malicious actors, bot networks, and GenAI content.