Tag Archives: NCSC

Major life-threatening cyber attack on UK “in little doubt”

The National Cyber Security Centre (NCSC) has published its second Annual Review, in turn revealing that the organisation has prevented Britain from falling victim to nearly 1,200 attacks in the past two years. The NCSC has also warned of the likelihood of a major life-threatening cyber attack on the UK in the near future.

The NCSC states that the UK is hit by ten serious cyber attacks every week. 70% of these attacks are “undertaken by groups of computer hackers directed, sponsored or tolerated by the Governments of [hostile] countries”.

Commenting on these figures, Mishcon de Reya’s cyber security lead Joe Hancock informed Risk Xtra: “1200 attacks may seem like a large number, but the reality is that this is the tip of the iceberg. The majority of these attacks on business, Government and third sector organisations go unreported and often undetected. Behind these high profile attacks there are the millions of online crimes that affect individuals every day.”

NCSCLogoWeb

Focusing on that last point, Hancock continued: “We routinely deal with the often unreported issues. More needs to be done to back law enforcement in supporting both victims and responders to better detect and recover from cyber episodes. A focus on critical infrastructure is welcomed by everyone, but it doesn’t help the millions of victims of cyber fraud. The recent Facebook breach shows the potential downsides of large-scale data collection and reliance on single points, provided by social media to access a wide variety of services across the Internet which can act as a gateway for attackers to further data and services.”

Further, Hancock observed: “Cyber security practices are not consistent globally and an attack against a weaker link in the supply or data chain can have unanticipated consequences for companies and individuals. More is needed to help protect everyday victims of these crimes, and especially so in the international arena. It’s difficult to see how mass cyber crime can be tackled without an international consensus and consequences for nations that turn a blind eye.”

Also, Hancock outlined: “Many of the cyber incidents we deal with have a financial component, often involving the traditional banking system and not only cryptocurrencies such as Bitcoin. Driving cyber criminals out of the financial system will have an impact on cyber crime levels.”

Actions and behaviours

There are specific actions and behaviours that should be adopted now to aid readiness for inevitable cyber attacks. Steve Mulhearn, director of enhanced technologies for the UK and Ireland and DACH at Fortinet, has listed them as prevention, the harnessing of Artificial Intelligence (AI) and adaptive technology and better visibility across the network.

Prevention

Prevention is easier when all employees in the business, not just the IT Department, take responsibility for the security of the business. For example, breaches like the Bupa or Waymo hacks have raised the appreciation of the number of breaches that occur because employees are targeted. The Fortinet Global Enterprise Security Survey 2017 found that 67% of businesses say they’re planning IT security and awareness training for employees in 2018.

Harness AI and adaptive technology

Harnessing the power of AI to learn from breaches, as well analyse data and automate reactions to shut down breaches when they occur, are vital actions. Threats evolve and adapt over time as applications, technologies, configurations, controls and behaviours change, making security an arms race wherein a static solution simply will not do.

Better visibility across the network

A vital tool in this struggle is visibility. You cannot secure what you cannot see. This means control across the distributed network, including endpoints, the Internet of Things and the cloud. According to the Fortinet 2017 Survey, only a small cohort of respondents feel confident that they have full visibility and control of employee access.

*The National Cyber Security Centre’s Annual Review can be accessed online at https://www.ncsc.gov.uk/news/annual-review-2018

Leave a comment

Filed under Risk Xtra

Hikvision awarded Cyber Essentials Plus accreditation by National Cyber Security Centre

Hikvision has been awarded Cyber Essentials Plus status – the highest accreditation in the programme. Operated by the National Cyber Security Centre (NCSC), the Cyber Essentials scheme is an independently assessed accreditation supported by the Government. The scheme is designed to carry out rigorous testing of Internet-enabled products connected to a given company’s infrastructure – in this case that of Hikvision – in order to ensure that, when connected to a network, those products are safe, secure and don’t provide a risk to devices on the rest of the network.

In partnership with five independent test houses, the Cyber Essentials Plus accreditation process covers a number of different areas to ensure users of Internet-enabled devices are assured of the highest level of protection against potential cyber threats and attacks. These independent test houses assess products through internal testing and vulnerability scanning. Cyber Essentials Plus accreditation is only awarded when testers are fully satisfied that the tested products don’t pose a risk to the wider network.

CyberEssentialsPLUSLogo

“Cyber security is really hot topic in the security industry so naturally we’re delighted to have been awarded Cyber Essentials Plus status,” explained Gary Harmer, sales director for Hikvision UK and Ireland. “As the only manufacturer in our industry to have received this level of accreditation, it’s confirmation of the confidence we at Hikvision have in our own operations.”

Hikvision will continue to work with the NCSC and other authorised bodies to maintain, develop and enhance the security of its products, operating environments and processes.

*An earlier version of the Press Release suggested that the Cyber Essentials Plus status relates to products and has caused some confusion. To clarify, Hikvision has been awarded Cyber Essentials Plus accreditation, which relates directly to the security and robustness of its own infrastructure within the company’s UK operation. It was never Hikvision’s intention to mislead the reader with any inference that the accreditation related in any way to the company’s own products. Hikvision sincerely apologises for the unclear statement about the award

*To find out more about Hikvision’s plans for enhanced cyber security, visit Stand D300 at IFSEC International between 19-21 June. IFSEC International runs at London’s ExCeL

Leave a comment

Filed under Risk Xtra