UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks

Uploaded on 2017-06-06 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

GCHQ has demanded that directors start taking charge of cyber security, warning that they are “devolving responsibility” for protecting businesses from hackers.

Ciaran Martin, the head of the agency’s National Cyber Security Centre (NCSC), said it is unacceptable for boards to plead ignorance about the threat from cyber-attacks.

It comes after this month’s debilitating “WannaCry” ransomware outbreak, which caused chaos in the NHS and brought operations at factories and train stations to a halt.

“Our business leaders need to stop saying that cyber security is too complicated, and stop devolving responsibility,” Mr Martin said at The Telegraph Cyber Security Conference in London recently.

“Boards must start to treat cyber threats with the same level of critical importance as they do financial or legal issues. It needs to be unthinkable that a board member would say that cyber issues are too complex for them to make judgements about.”

The NCSC was set up last year to help businesses and public organisations counter hackers, and faced its first major test two weeks ago when the ransomware outbreak infected hundreds of thousands of Windows PCs. Security experts have linked the attack to North Korea, although Pyongyang has denied any involvement.

As well as forcing the NHS to cancel operations and shut some services, production at Renault and Nissan factories was stopped, computer systems at O2’s owner Telefonica were hit and FedEx’s logistics operations were affected.

Mr Martin said the NSC’s investigation into who was responsible were ongoing and warned businesses to “expect further significant incidents”. Security analysts have criticised large companies for a lack of boardroom responsibility for IT safeguards, claiming this makes the type of attacks that have hit TalkTalk and Tesco Bank more likely.

Many corporate computer systems continue to run outdated software without the latest security updates, making them vulnerable to hackers.

Telegraph

You Might Also Read:

Ignoring Software Updates…:

Mandatory Requirement on Business To Disclose Cyber Attacks:

Directors Report: Cyber Security Checklist For Management (£):

4 Signs a Board thinks Security is Better than it Is (£):

Special Report: CEOs And IT Innovation (£):

 

« Fake Microsoft Tech-Support Using WannaCry
Disney Says Film Hack Threat Was A Hoax »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CERT-In

CERT-In

CERT-In is a functional organisation of the Ministry of Information & Electronics Technology, Government of India, with the objective of securing Indian cyber space.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

Infiltrate

Infiltrate

INFILTRATE is a deep technical conference that focuses entirely on offensive security issues.

ESG Elektroniksystem- und Logistik-GmbH

ESG Elektroniksystem- und Logistik-GmbH

ESG offer a comprehensive portfolio of cyber and IT services ranging from consulting, solutions and operations to testing, simulation and training.

NRD Cyber Security

NRD Cyber Security

NRD Cyber Security create a secure digital environment for countries, governments, and organisations and implement cybersecurity resilience enhancement projects around the world.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

National Information Technology Development Agency (NITDA) - Nigeria

National Information Technology Development Agency (NITDA) - Nigeria

The National Information Technology Development Agency (NITDA) is committed to implementing the Nigerian National Information Technology Policy.

FarrPoint

FarrPoint

FarrPoint is a specialist telecoms consultancy providing a range of services including cyber security assessments and technical assurance to safeguard your data.

Mantix4

Mantix4

Mantix4’s M4 Cyber Threat Hunting Platform actively defends against cyber threats.

California Cybersecurity Institute (CCI) - Cal poly

California Cybersecurity Institute (CCI) - Cal poly

The CCI provides a hands-on research and learning environment to explore new cyber technologies and train and test tactics alongside law enforcement and cyberforensics experts.

Trava Security

Trava Security

Trava simplifies cyber risk management for business owners and IT professionals. Automated assessments, mitigation advising, and data-driven cyber insurance.

ENSCO

ENSCO

The ENSCO group of companies provides engineering, science and advanced technology solutions that guarantee mission success, safety and security to governments and private industries worldwide.

Nicoll Curtin

Nicoll Curtin

Nicoll Curtin is a global company with over 20 years of experience in connecting outstanding talent with industry leading companies within Technology, Change and Cyber Security.

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process personal information.

Unciphered

Unciphered

Unciphered was created as the first company providing services for opening locked hardware cryptocurrency wallets.

NetBird

NetBird

NetBird combines a WireGuard-based overlay network with Zero Trust Network Access, providing a unified platform for reliable and secure connectivity.