This morning, the National Cyber Security Centre (NCSC) published its two-year review, detailing findings from its second year of operations. The report found that there is “little doubt” that a major cyber attack will happen in the near future and whilst the NCSC has cut the UK’s share of phishing attacks targeting the UK in half from 5.3% to 2.4%, most worryingly, it has also had to prevent multiple attacks from hostile nation states. IT security experts commented below.
“This report should raise the alarm for any organisation unprepared for attacks from hostile nation states. Whether it’s a sophisticated zero day attack, or a simplistic phishing attempt, organisations must ensure they are ready to proactively prevent nation states from disrupting operations. However, current systems are woefully ill-equipped to deal with common attack vectors like email or downloads, so a determined hacker with the resources of a nation state behind them can easily bypass cyber-defences.
“Currently, enterprises are relying on threat detection tools to estimate where lightning is going to strike, so they can attempt to intercept hackers before they cause disruption. However, all too often these tools throw up a deluge of alerts that only allow operations teams to react and mitigate once a breach has taken place. It’s time for a change in mindset that focuses on protection first, containing threats before they can do any damage. Detection alone cannot protect organisations from advanced threats. Instead, organisations need to adopt layered cybersecurity defences that allow them to proactively defend against common attack vectors in real-time, instead of reacting after the fact.”
“The figures within the NCSC’s report, to my mind, are surprisingly low. This might be due to the limited types of breaches or attempted breaches investigated by the NCSC. In terms of the eventuality of a Category 1 cyberattack, it’s nearly impossible to measure readiness for cyber threats. However, there have been more than 1,000 investigated breaches in the past several years – very few of which have been successful. This suggests that the UK is doing a fine job at averting disaster. As threat actors are continually evolving their strategies for cyberwarfare, the UK needs to continue updating its defences on a daily basis and avoid complacency.
Provided those charged with cybersecurity remain focused on their mission during the upheaval that has and will ensue as a result of Brexit, the UK should remain at least as safe as it is today. The biggest potential threat to our cyber defences is if a parliamentarian, who may not be well-versed in cyber security, decides to enact a law that prevents our security professionals from effectively defending our cyber borders.
In order for organisations to play their part in effort to reduce the threat of cyberattack, all enterprises should focus on the “big four” of cyber defences: using multi-factor authentication, implementing a strong privileged access management programme, governance and end user education.”
Javvad Malik, Security Advocate at AlienVault:
“The comments by NCSC are very interesting and deserve close attention. With the spread of IoT into so many aspects of daily life and critical infrastructure, a cyber attack can have far greater impact and consequences. Companies of all sizes should be wary of cyber attacks and have in place appropriate and adequate security controls to help detect threats so that this information can be shared to better protect everyone.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.