This morning, the National Cyber Security Centre (NCSC) published its two-year review, detailing findings from its second year of operations. The report found that there is “little doubt” that a major cyber attack will happen in the near future. Whilst the NCSC has cut the UK’s share of phishing attacks targeting the UK in half, from 5.3% to 2.4%, most worryingly it has also had to prevent multiple attacks from hostile nation states. IT security experts comment below.
Fraser Kyne, EMEA CTO at Bromium:
“Currently, enterprises are relying on threat detection tools to estimate where lightning is going to strike, so they can attempt to intercept hackers before they cause disruption. However, all too often these tools throw up a deluge of alerts that only allow operations teams to react and mitigate once a breach has taken place. It’s time for a change in mindset that focuses on protection first, containing threats before they can do any damage. Detection alone cannot protect organisations from advanced threats. Instead, organisations need to adopt layered cybersecurity defences that allow them to proactively defend against common attack vectors in real-time, instead of reacting after the fact.”
Bill Evans, senior director at One Identity:
“Provided those charged with cybersecurity remain focused on their mission during the upheaval that has and will ensue as a result of Brexit, the UK should remain at least as safe as it is today. The biggest potential threat to our cyber defences is if a parliamentarian, who may not be well-versed in cyber security, decides to enact a law that prevents our security professionals from effectively defending our cyber borders.
In order for organisations to play their part in the effort to reduce the threat of cyberattack, all enterprises should focus on the “big four” of cyber defences: using multi-factor authentication, implementing a strong privileged access management programme, governance and end user education.”
Javvad Malik, Security Advocate at AlienVault:
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.