Cyber attacks bolder and more aggressive than ever before, says cyber security centre
The National Cyber Security Centre has said that cyber attacks have reached a “scale and boldness not seen before” – and can only be tackled by a collaborative effort between government, industry and law enforcement agencies.
In its 2016-17 report on cyber threats to UK businesses, the centre said it tackled 188 high-level attacks in the UK in the past three months.
It stressed that the government had a central role to play in ensuring cyber security across the UK, and that it was “committed to making the UK a secure and resilient digital nation”.
The report said: “A key aspect of this strategy is through robust engagement and an active partnership between government, industry and law enforcement to significantly enhance the levels of cyber security across UK networks.”
This includes work by government departments to promote device security, for instance on smart meters and Internet of Things-connected devices.
“Active cyber defence”: UK’s first National Cyber Security Centre chief sets out strategy
National Cyber Security Centre to publish rankings for departmental email security
Cyber Security Demystified: Your key cloud security questions answered
The document set out a new wave of cyber threats, including an increase in the use of extortion as attacks become “more aggressive and confrontational”, more large-scale attacks from IoT botnets and a growing use of mobile malware, such as malicious or fake apps and SMS phishing attacks.
However, the report said that the most impactful attacks in 2017 would be “directed at building blocks on which the Internet runs, rather than innovative technology”.
There will also be more targeted attacks on industrial connected devices, such as energy smart meters, networked security cameras and automation like connected indoor lighting.
“A stark example of this was seen in Finland in 2016, when denial of service conditions disabled residential automated heating systems in apartment blocks for more than a week,” the report said.
Organisations should also be prepared for attacks that tamper with data, rather than simply stealing or denying access to it, and for attribution of attacks to become more difficult as malware becomes more tailored to each victim.
The document says organisations must report attacks, promote awareness within teams, encourage stronger “cyber hygiene” and boost training for staff, and integrate their cyber security measures with risk management.
The NCSC has also worked with the Crown Commercial Service to add its weight to the second iteration of the procurement framework for cyber security services for public sector bodies.
The Cyber Security Services 2 framework, which went live on 13 March, offers a central route for the public sector to procure cyber services and will only list suppliers with current NCSC certification.
The CCS said this would increase “the technical and qualitative assurance attributed to the suppliers on Cyber Security Services 2”.
Suppliers can add services at any time during the life of the agreement – which is 12 months initially, with the option of extending this to 24 months – and a ‘once only’ process means they can reuse selection questionnaire responses when bidding for other public sector procurements.
The CCS has also simplified the bidding process to make it easier for these small companies to supply the government, and of the 121 suppliers listed, 71% are SMEs.
There are four lots in the framework: cyber consultancy for risk assessment, risk management, and audit and review; CHECK penetration testing – which identifies weaknesses in systems; incident response; and tailored assurance.
The launch of framework and the report coincide with national cyber security conference, CyberUK, which is being held in Liverpool this week.
David Norgrove writes to ask parties to make sure their campaign materials don’t mislead the public
2016 State of Policing report calls for a single decision-making mechanism for ICT to bring forces into the...
Westminster and Whitehall face scramble to pass legislation and policies before parliament dissolves in two weeks, says Institute for Government
The prime minister’s announcement of a general election on 8 June comes as influential House of Commons committee urges...
BT, TechHub and the Cabinet Office have announced the winners of their Securing the Nation competition at an event at the iconic BT Tower
BT has appointed a new senior executive, Mark Sexton, to head up its public sector business in London and the South East and implement a new strategic direction to increase its local presence
BT has appointed a new senior executive, David Wallace, to head up its public sector business in Scotland and implement a new strategic direction to increase local focus nationwide
BT outlines how SME innovations can power public services