The UK Will Be Hit By A Category One Cyber-Attack

The UK has not yet faced what would be considered a ‘category one’ cyber-attack, but there is little doubt that it will happen in the years ahead, according to Peter Yapp, the deputy director at the National Cyber Security Centre, which is a core part of the UK government intelligence agency, GCHQ.

Speaking at the inaugural Cyber Security Connect UK conference held in Monaco recently, Yapp explained that since the NCSC was launched over two years ago, it had dealt with 1100 cyber security incidents, or more than 10 a week.

“The majority of these incidents were from hostile nation states, meaning computer hackers that are directed, sponsored or tolerated by governments of those countries and these are the most acute and direct cyber security threats to our national security,” he said.

As a result of these continuing attacks, and the looming prospect of being hit by a devastating category one attack, Yapp suggested that the UK had to be alert to the threat from countries who sought to attack its critical national networks.

“That’s why earlier this year, the NCSC joined forces with the US government to publish evidence that Russia had attacked critical parts of our national infrastructure. This was a landmark act, as it called out both unacceptable practices but also provided the tools to clean up that particular attack,” Yapp claimed.

However, while the nation states represent the most acute threat, it is low sophistication, high volume cyber-attacks that are the ones most likely to cause the average British citizen harm, he added. This is because the incidents themselves can damage individuals and businesses but more importantly, can undermine the confidence citizens have in the digital economy.

Yapp emphasised that the NCSC has some of the best experts in the world working at NCSC to help combat the threat, but said that cybercrime doesn’t need to be beaten as this is unrealistic, but that NCSC and other government agencies need to make it as challenging, unprofitable and risky as possible for perpetrators.

One example of the work that NCSC has done is the active cyber defence (ACD) initiative, which uses automation to reduce some of the most common weaknesses in the UK’s cyber security defences.

“The programme aims to take away as much of the harm from as many people as we can, as often as we can, and this reduces the damage done by high volume cyber-attacks and frees our world class experts to focus on the most potent attacks,” Yapp said.

The programme has helped to slash the proportion of phishing sites hosted in the UK by 5.3% to 2.4%.

Yapp, who was speaking to C-level information security executive delegates, suggested that the next step was to equip every organisation with the tools they needed to protect themselves, starting with a better understanding of the risks.

“We aren’t asking organisations and citizens to have the same security as a nation state, but they do need to be good enough to repel the most common threats and contain those threats that do make it through. So understanding how cyber-attacks work is vital of getting ahead of the programme,” he said.

Forbes:

You Might Also Read:

Why Has The US Not Been Hit With A Devastating Cyber Attack?

Britain Needs A Cyber Army To Defend Against Prolific Attacks:

 

« Five Questions CEOs Are Asking About AI
How To Get Into Cyber Security: Tips, Strategy And Skills »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

European Internet Forum (EIF)

European Internet Forum (EIF)

EIF’s mission is to help provide European political leadership for the political, economic and social challenges of the worldwide digital transformation.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

Center for Identity - University of Texas at Austin

Center for Identity - University of Texas at Austin

The mission of the Center is to deliver the highest-quality discoveries, applications, education, and outreach for excellence in identity management, privacy, and security.

Privacy Analytics

Privacy Analytics

Privacy Analytics enables healthcare organizations to unleash the value of sensitive data for secondary purposes without compromising personal health information.

Romanian Association for Information Security Assurance (RAISA)

Romanian Association for Information Security Assurance (RAISA)

RAISA promotes and supports information security activities and creates a community for the exchange of knowledge between specialists, academic and corporate environment in Romania.

Neupart

Neupart

Neupart provides Information Security Management System, Secure ISMS, allowing organisations to automate IT Governance, Risk and Compliance management.

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID)

Cyber Army Indonesia (CyberArmyID) is the first platform in Indonesia to collect and validate reports from hackers (referred to as Bug Hunter) regarding vulnerabilities that exist in an organization.

BlueKrypt

BlueKrypt

BlueKrypt is a consulting firm for the security of IT systems and their management.

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications and Information Protection is the technical security and intelligence service of Ukraine, under the control of the President of Ukraine.

Arkphire

Arkphire

Arkphire provide solutions across every aspect of IT to help your business perform better.

Strata Identity

Strata Identity

Strata is pioneering identity orchestration to unify on-premises and cloud-based authentication and access systems for consistent identity management in multi-cloud environments.

Logically.ai

Logically.ai

Logically combines artificial intelligence with expert analysts to tackle harmful and manipulative content at speed and scale.

8com

8com

8com is an established Managed Security Service Provider (MSSP) with over 75 employees and customers in over 40 countries.

Singularico

Singularico

Singularico help secure your software using the power of AI.

Chestnut Hill Technologies (CHT)

Chestnut Hill Technologies (CHT)

CHT provide Best Practices IT Cybersecurity and Technology Solutions and Consulting Support to the Mid Cap through Fortune 1000 Nationwide.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

Evolve Business Group

Evolve Business Group

Evolve is an independently-owned managed network solutions provider, creating bespoke packages for customers globally since 2005.