It’s being reported that the National Cyber Security Centre has exposed a campaign by the GRU (Russian Military Service) of ‘reckless and indiscriminate’ cyberattacks on the UK targeting business, media, politics and sport. IT security experts commented below.
Ross Rustici, Senior Director, Intelligence Services at Cybereason:
Additionally, the UK’s attempt to cast Russia as a malign international actor falls into the category of too little too late. There are no norms when it comes to acceptable use of cyber capabilities. Each country has its own definition of what it will tolerate and what it wont. Currently, there has never been an instance of hacking that has gone above a covert action threshold. The United States and its allies failed to create a consensus around the acceptable use of cyber capabilities by countries, in part because they wanted to preserve their own freedom of action in this space. Now, it is too late to put the genie back in the bottle and we all must suffer the consequences of an unrestrained cyber capability.”
Patrick Hunter, EMEA Director at One Identity:
The NCSC has been a huge investment by the UK government and their work has already seen a massive improvement in our defences. From education to implementation of good practice in every vertical and walk-of-life. So, the statement has been made and what comes next is crucial to getting the upper hand on these types of political/criminal organisations. The UK government and its allies have to be seen to do something, not just continue to talk. The fact that we’ve seen this statement today leads me to believe we’re going to see some results in the near future. We have to believe this, and we have to continue to educate our staff and citizens on how to protect themselves from the basic forms of attack. Keep desktops patched, keep the firewalls and anti-virus software up to date, keep our privileged passwords locked away and use multi-factor authentication where ever possible. We all have our role to play in these battles so let’s play that part well and be a part of the solution.”
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.