NCSC published its annual review, finding among other things that it has thwarted more than one million cases of suspected payment card fraud.
Every organisation should have a vulnerability disclosure program – a formal process to accept vulnerability reports from external hackers.
A Vulnerability Disclosure Policy or [email protected] email is the best way to ensure that anyone who sees a security loophole has a way to raise the alarm.
More and more Government agencies deliver services online. It is very easy to release code that can be hacked. The best way to prevent getting hacked is to get hacked by people you trust. That is why it is great to see that the NCSC is promoting the importance of Vulnerability Disclosure and alerting people to the process of vulnerability reporting. There are over 60 million people in the UK, and together we can create a safer digital Britain.
The latest report from NCSC highlights that cybercrime is a growing problem for businesses and consumers, but that the government is taking steps to make it more challenging for cyberattacks to be successful.
However, the attacks documented are only a fraction of what consumers and businesses are actually facing today. The reality is businesses and consumers are subject to hundreds of attacks every year and should always be on guard for hacking attempts.
Research has shown time and time again that humans are the weakest link in cybersecurity so more education around cybercrime for consumers and businesses is essential.
While the NCSC’s report does a great job of informing us about how it protects UK citizens and SMEs, information for larger organisations feels lacking. Most noticeable is that we still don’t seem to have a recognised professional body that accredits CISOs and other senior cyber security professionals, despite the NCSC saying last year that they were working on it. This makes hiring a tough task for boards, who may all have their own opinions on what a good cyber hire looks like.
Relative to other business risks, cybersecurity is still an emerging threat. Due to its dynamic nature, boards often appoint CISOs for the here and now; focusing on somebody who can get the job done in the current climate, rather than looking for somebody with a more strategic, long-term vision. Whenever this cyber body appears, it must educate boards on the benefits of a strategic CISO, rather than somebody whose job is solely reactive.
With the private sector – including the growing cyber startup scene – continually innovating, the NCSC should look to collaborate with these businesses in order to ensure they are offering best-in-class training to cyber professionals, while setting a high bar for cyber security accreditation.
Cyberattacks represent one of the most dangerous threats to businesses today and the latest figures from the NCSC demonstrate the importance of a responsible approach to tackling modern-day cybersecurity issues – that is, being proactive not reactive. As technology makes payments easier for customers, it is critical that organisations work with government institutions to better secure the infrastructure and security posture of UK businesses.
Organisations are starting to recognise that the effect of cybercrime is more than just a bad headline and in compromising the data of their customers, they are also breaching the most golden of pacts – trust – that can cause more problems in the aftermath of an attack. We found that 39% of UK citizens admitted to having less trust in organisations than they did five years ago – showing the long-term impact that incidents such as cyberattacks have had on the public’s opinion towards how their data is handled.
Cybercriminals are becoming increasingly creative, better equipped and resourceful; it is therefore important for all organisations to think about how they can work with the government to safeguard their data and business assets. By collaborating and communicating on the matters, businesses can make the transition to a proactive stance in identifying and containing breaches.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts' comments, analysis and opinion on the latest Information Security news and topics.