A Major UK Cyber Attack Will Happen Soon

A “category one” cyber-attack, the most serious tier possible, will happen “sometime in the next few years”, a director of the National Cybersecurity Centre has warned.

According to the agency, which reports to GCHQ, and has responsibly, for ensuring the UK’s information security, a category one cybersecurity incident requires a national government response.

In the year since the agency was founded, it has covered 500 incidents, according to Ian Levy, the technical director, as well as 470 category three incidents and 30 category two, including the WannaCry ransomworm that took down IT in multiple NHS trusts and bodies.

But speaking at an event about the next decade of information security, Levy warned that “sometime in the next few years we’re going to have our first category one cyber-incident”. The only way to prevent such a breach, he said, was to change the way businesses and governments think about cybersecurity.

Rather than obsessing about buying the right security products, Levy argued, organisations should instead focus on managing risk: understanding the data they hold, the value it has, and how much damage it could do if it was lost, for instance.

His words at the Symantec event come against the background of a major breach at the US data broker Equifax, which lost more than 130 million Americans’ personal information in a hacking attack in May. The data stolen is extremely sensitive, including names, addresses, social security numbers and dates of birth – all the information needed to steal someone’s identity online.

A further 400,000 British residents were affected by the hack, as well as a number of Canadian residents. The information stolen about them was much less personal in nature, however, consisting only of names, dates of birth, email addresses and telephone numbers.

Striking a dour note, Levy warned that it may take the inevitable category one attack to prompt such changes, since only an attack of that scale would result in an independent investigation or government inquiry.

“Then what will really come out is that it was entirely preventable… It will turn out that the organisation that has been breached didn’t really understand what data they had, what value it had or the impact it could have outside that organisation.”

Levy’s advice to organisations who want to prevent such a catastrophic breach from affecting them is to stop putting their faith in off-the-shelf security solutions, and instead work with employees to uncover what is actually possible.

“Cybersecurity professionals have spent the last 25 years saying people are the weakest link. That’s stupid!” he said, “They cannot possibly be the weakest link – they are the people that create the value at these organisations.

“What that tells me is that the systems we’ve built, as technical systems, are not built for people. Techies build systems for techies, they don’t build technical systems for normal people.”

Guardian:

You Might Also Read: 

GCHQ Unveils Its Cybersecurity Playbook:

UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks:

 

« Facebook's Algorithm And Russian Ads
Firefighters Get AR Powered Glasses »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

KoolSpan

KoolSpan

KoolSpan’s security and privacy solutions address the growing threat of loss or theft of intellectual property, information, and proprietary assets.

CERT-GOV-MD

CERT-GOV-MD

CERT-GOV-MD is the national Computer Emergency Response Team for Moldova.

AVG Technologies

AVG Technologies

AVG is focused on providing home and business computer users with the most comprehensive and proactive protection against computer security threats.

Industrial Cyber-Physical Systems Center (iCyPhy)

Industrial Cyber-Physical Systems Center (iCyPhy)

The goal of iCyPhy is to conduct pre-competitive research on architectures and design, modeling, and analysis techniques for cyber-physical systems.

Indeed

Indeed

Indeed is a worldwide employment-related search engine for job listings covering job types in all industries, including cybersecurity.

Sponge

Sponge

Cybersecurity Sorted by Sponge is a seriously engaging training game to make your staff the first line of defence against cyber threats.

SearchInform

SearchInform

SearchInform is a leading risk management product developer, protecting business and government institutions against data theft, harmful human behavior, compliance breaches and incomplete audit.

Wayra

Wayra

Wayra connects Telefónica and technological disruptors around the world. As their preferred strategic partner, we scale them up to accelerate their business and ours.