According to a 2015 PwC survey, nearly 9 out of 10 large organizations suffer from some form of security breach in the UK; the starting point for breach costs commences at £1.46 million. Nearly three-quarters of small organizations report a security breach; the starting point for breach costs commences at £75,200. Nearly 7 out of 10 attacks on all firms involve viruses, spyware or malware. Although, the UK government spent a record £1.9 billion to protect the country, it now wants the industry to protect itself.
In order to tackle cyber-security, ensure online safety of both public and private sector organizations as well as general public and the UK’s critical national infrastructure, the Theresa May government has set up National Cyber Security Centre (NCSC) as a public-facing part of the Government Communications Headquarters (GCHQ, a British intelligence and security agency). Matt Hancock, the minister for the cabinet office and paymaster general, stated in a statement:
“The UK faces a growing threat of cyber-attacks from states, serious crime gangs, hacking groups as well as terrorists. The NCSC will help ensure that the people, public and private sector organizations and the critical national infrastructure of the UK are safer online.
“It will bring the UK’s cyber expertise together to transform how the UK tackles cyber security issues. It will be the authoritative voice on information security in the UK and one of its first tasks will be to work with the Bank of England to produce advice for the financial sector for managing cyber security effectively.”
Speaking at the Wired Security conference in London, NCSC’s technical director Dr Ian Levy said NCSC’s core idea is to provide a one-stop-shop for “consistent, coherent advice,” and to do so “in public, transparently.”
“The way you talk about something fundamentally changes the way you evaluate risk about it. The context in which you judge something also determines how you interpret it. So if you’re told that cyber security attacks are purported by winged ninja cyber monkeys who sit in a foreign country who can compromise your machine just by thinking about it you’re going to have a fear response. And that’s where we are today.”
Dr Levy believes a fear response overrides a rational analysis of security issues, which leads to ineffective or misdirected solutions. Therefore, the UK government wants to reset the security narrative to something closer to reality.
“The security companies are incentivized to make it sound as scary as possible because they want you buy their magic amulets. This is what we’re doing today. You buy a cyber security product and you throw it at the problem because you’ve no idea what the problem actually is anymore. If we talk about things as they really are, we have a different set of responses to them.”
In 2013, business consultancy firm KPMG warned that cyber-attacks or massive systems outages could cause the next systemic shock to the UK banking industry, rather than a liquidity crunch. According to a recent study, cyber security incidents cost UK firms £34.1 billion in 2015. Managing malware alone cost £7.5 billion, while data theft incidents cost £6.2 billion. 7% of organizations polled were hit by hackers with the average cost of each attack estimated to be £16,264.
The threat to the UK’s national security from cyber-attacks is real and growing. The government understands that terrorists, hostile states and cyber criminals are among those targeting computer systems in the UK. It recently committed £265 million to help enhance British military cyber systems. Therefore, Critical National Infrastructure (CNI) security expert Barrie Millett believes the NCSC is a step in the right direction.
“Essentially this is moving forward with the government’s Cyber-Security Information Sharing Partnership [CiSP], which has been the starting point of sharing best practice, challenges and collectively trying to bring a plan together,” he told Computer Weekly.
While the NCSC will focus on defensive work, it will be able to call on offensive capabilities developed by GCHQ and the Ministry of Defence. According to SC Magazine, the NCSC will have specialist teams for the City, Whitehall, intelligence and security services, energy, telecoms and other parts of the critical national infrastructure.
This article (As Hackers Speed Up Attacks, UK Gears Up to Tackle Cyber Security Threats Head-On) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.