Cyber attacks bolder and more aggressive than ever before, says cyber security centre

Written by Rebecca Hill on 14 March 2017 in News

The National Cyber Security Centre has said that cyber attacks have reached a “scale and boldness not seen before” – and can only be tackled by a collaborative effort between government, industry and law enforcement agencies. 

Attack, DDOS

Cyber attacks are becoming more aggressive - Photo credit: Flickr, FabianOrtiz CC BY 2.0

In its 2016-17 report on cyber threats to UK businesses, the centre said it tackled 188 high-level attacks in the UK in the past three months.

It stressed that the government had a central role to play in ensuring cyber security across the UK, and that it was “committed to making the UK a secure and resilient digital nation”.

The report said: “A key aspect of this strategy is through robust engagement and an active partnership between government, industry and law enforcement to significantly enhance the levels of cyber security across UK networks.”

This includes work by government departments to promote device security, for instance on smart meters and Internet of Things-connected devices.

Related content

“Active cyber defence”: UK’s first National Cyber Security Centre chief sets out strategy
National Cyber Security Centre to publish rankings for departmental email security
Cyber Security Demystified: Your key cloud security questions answered

The document set out a new wave of cyber threats, including an increase in the use of extortion as attacks become “more aggressive and confrontational”, more large-scale attacks from IoT botnets and a growing use of mobile malware, such as malicious or fake apps and SMS phishing attacks.

However, the report said that the most impactful attacks in 2017 would be “directed at building blocks on which the Internet runs, rather than innovative technology”.

There will also be more targeted attacks on industrial connected devices, such as energy smart meters, networked security cameras and automation like connected indoor lighting.

“A stark example of this was seen in Finland in 2016, when denial of service conditions disabled residential automated heating systems in apartment blocks for more than a week,” the report said.

Organisations should also be prepared for attacks that tamper with data, rather than simply stealing or denying access to it, and for attribution of attacks to become more difficult as malware becomes more tailored to each victim.

The document says organisations must report attacks, promote awareness within teams, encourage stronger “cyber hygiene” and boost training for staff, and integrate their cyber security measures with risk management.

The NCSC has also worked with the Crown Commercial Service to add its weight to the second iteration of the procurement framework for cyber security services for public sector bodies.

The Cyber Security Services 2 framework, which went live on 13 March, offers a central route for the public sector to procure cyber services and will only list suppliers with current NCSC certification.

The CCS said this would increase “the technical and qualitative assurance attributed to the suppliers on Cyber Security Services 2”.

Suppliers can add services at any time during the life of the agreement – which is 12 months initially, with the option of extending this to 24 months – and a ‘once only’ process means they can reuse selection questionnaire responses when bidding for other public sector procurements.

The CCS has also simplified the bidding process to make it easier for these small companies to supply the government, and of the 121 suppliers listed, 71% are SMEs.

There are four lots in the framework: cyber consultancy for risk assessment, risk management, and audit and review; CHECK penetration testing – which identifies weaknesses in systems; incident response; and tailored assurance.

The launch of framework and the report coincide with national cyber security conference, CyberUK, which is being held in Liverpool this week.

Share this page


Add new comment

Related Articles

Scottish flag Scottish digital strategy set out plans for assurance, training and common platforms
22 March 2017

The Scottish government will implement a “tough” assurance process for digital projects, mandate the use of common technologies and offer training to make sure civil servants “get digital”.

Person hacking computer ICO: Councils need to sharpen up on data protection ahead of GDPR
22 March 2017

Survey shows lack of preparedness as data protection watchdog slaps £60,000 fine on Norfolk County Council

Technology Councils told to embrace ‘radical outcomes’ of smart technology
21 March 2017

Councils should be in the “driving seat” of technological change, but need to rethink the role they play in their locality and invest in long-term planning, a report has said.

Networking image Government bodies still need to be PSN compliant, says GDS
17 March 2017

Public sector organisations have been told they still have to meet the common Public Sector Network assurance standards while work is carried out to move away from the network.

Related Sponsored Articles