The UK Will Be Hit By A Category One Cyber-Attack

The UK has not yet faced what would be considered a ‘category one’ cyber-attack, but there is little doubt that it will happen in the years ahead, according to Peter Yapp, the deputy director at the National Cyber Security Centre, which is a core part of the UK government intelligence agency, GCHQ.

Speaking at the inaugural Cyber Security Connect UK conference held in Monaco recently, Yapp explained that since the NCSC was launched over two years ago, it had dealt with 1100 cyber security incidents, or more than 10 a week.

“The majority of these incidents were from hostile nation states, meaning computer hackers that are directed, sponsored or tolerated by governments of those countries and these are the most acute and direct cyber security threats to our national security,” he said.

As a result of these continuing attacks, and the looming prospect of being hit by a devastating category one attack, Yapp suggested that the UK had to be alert to the threat from countries who sought to attack its critical national networks.

“That’s why earlier this year, the NCSC joined forces with the US government to publish evidence that Russia had attacked critical parts of our national infrastructure. This was a landmark act, as it called out both unacceptable practices but also provided the tools to clean up that particular attack,” Yapp claimed.

However, while the nation states represent the most acute threat, it is low sophistication, high volume cyber-attacks that are the ones most likely to cause the average British citizen harm, he added. This is because the incidents themselves can damage individuals and businesses but more importantly, can undermine the confidence citizens have in the digital economy.

Yapp emphasised that the NCSC has some of the best experts in the world working at NCSC to help combat the threat, but said that cybercrime doesn’t need to be beaten as this is unrealistic, but that NCSC and other government agencies need to make it as challenging, unprofitable and risky as possible for perpetrators.

One example of the work that NCSC has done is the active cyber defence (ACD) initiative, which uses automation to reduce some of the most common weaknesses in the UK’s cyber security defences.

“The programme aims to take away as much of the harm from as many people as we can, as often as we can, and this reduces the damage done by high volume cyber-attacks and frees our world class experts to focus on the most potent attacks,” Yapp said.

The programme has helped to slash the proportion of phishing sites hosted in the UK by 5.3% to 2.4%.

Yapp, who was speaking to C-level information security executive delegates, suggested that the next step was to equip every organisation with the tools they needed to protect themselves, starting with a better understanding of the risks.

“We aren’t asking organisations and citizens to have the same security as a nation state, but they do need to be good enough to repel the most common threats and contain those threats that do make it through. So understanding how cyber-attacks work is vital of getting ahead of the programme,” he said.

Forbes:

You Might Also Read:

Why Has The US Not Been Hit With A Devastating Cyber Attack?

Britain Needs A Cyber Army To Defend Against Prolific Attacks:

 

« Five Questions CEOs Are Asking About AI
How To Get Into Cyber Security: Tips, Strategy And Skills »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

SecureAuth

SecureAuth

SecureAuth delivers cutting edge identity and information security solutions for cloud, mobile, web, and VPN systems.

InAuth

InAuth

InAuth Security Platform delivers advanced device identification, risk detection, and analysis capabilities to help organizations limit risk and reduce fraud.

MixMode

MixMode

MixMode's PacketSled platform delivers network monitoring, deep forensic analysis and incident response.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

CybExer Technologies

CybExer Technologies

CybExer provide an on-premise, easily deployable solution for complex technical cyber security exercises based on experience in military grade ranges.

GroupSense

GroupSense

GroupSense helps governments and enterprises take control of digital risk with cyber reconnaissance, counterintelligence and monitoring for breached credentials.

INVISUS

INVISUS

INVISUS protects businesses against the latest cyber risks – including business and employee identity theft, data breaches, and cybersecurity compliance.

OmniCyber Security

OmniCyber Security

Omni is a cyber security firm specialising in Penetration Testing, Managed Security and Compliance.

ServerScan

ServerScan

ServerScan specializes in providing server scanning & compliance services to organizations of all types and sizes.

Rimini Street

Rimini Street

Rimini Street is a global provider of enterprise software support products and services, and the leading third-party support provider for Oracle and SAP software products.

Evo Security

Evo Security

Evo Security is an Identity and Access Management company focused exclusively on serving MSPs, MSSPs and their SMB and Mid-Market customers.

Nokod Security

Nokod Security

Nokod Security delivers an application security platform for low-code / no-code custom applications and Robotic Process Automation (RPA).

EPIQ Infotech

EPIQ Infotech

EPIQ Infotech is a trusted consulting and implementation partner for Oracle JD Edwards and Amazon Web Services (AWS).

Allstate Identity Protection

Allstate Identity Protection

Allstate make it easy to provide complete identity protection, so everyone can live more confidently online.

Cyrex

Cyrex

Cyrex is a Web3 security and development company. Our mastery over decentralized applications, smart contracts and blockchain will keep you secure across Web3.

Swick Technologies (SWICKtech)

Swick Technologies (SWICKtech)

SWICKtech offer IT managed services to increase IT security, stability, and performance for your organization.