In response to the NCSC report, which says that the UK has faced ten cyberattacks per week for the last two years, IT security experts have provided the comments below.
Adam Bacchus, Director of Program Operations at HackerOne:
“Brexit may exacerbate the growing talent gap within the field of information security, and potentially reduce the ability to share and receive threat intelligence. Working with the wider white hat hacking community via disclosure or bounty programs can help organizations simulate realistic attacks to safely test DFIR capabilities, as well as find and fix vulnerabilities before they’re exploited by criminals. Encouraging vendors of any third-party software in use to have a vulnerability disclosure or bounty program in place can provide some peace of mind that the software your organization is using is undergoing a continuous security assessment.
There are a variety of threat actors across the world that develop their own exploits for commonly used third-party software, identify vulnerabilities in organizations’ self-developed software, and seek out any low-hanging fruit, such as exposed administrative interfaces with default creds, or tricking an employee into giving up credentials or opening up a malicious attachment. To reduce risk, organizations should employ phishing awareness exercises and training, develop solid patch and vulnerability management processes, and invest in threat intelligence and DFIR to better know if they are under attack and to respond accordingly.”
Corin Imai, Senior Product Manager at DomainTools:
“The NCSC’s annual review is eye-opening to the cyber threats in the UK. While we can remain thankful that none of the 1,167 incidents the centre has dealt with since 2016 constituted a threat to life, we need to all be aware that the capability is there. With nation-states such as Russia and North Korea leveraging cyberspace to flex their muscles, Western democracies need to remain vigilant; we’ve already seen attempts to compromise political structures in the 2016 US election and during the Brexit campaign, so it’s only a matter of time before physical infrastructure is successfully targeted.”