A Major UK Cyber Attack Will Happen Soon

A “category one” cyber-attack, the most serious tier possible, will happen “sometime in the next few years”, a director of the National Cybersecurity Centre has warned.

According to the agency, which reports to GCHQ, and has responsibly, for ensuring the UK’s information security, a category one cybersecurity incident requires a national government response.

In the year since the agency was founded, it has covered 500 incidents, according to Ian Levy, the technical director, as well as 470 category three incidents and 30 category two, including the WannaCry ransomworm that took down IT in multiple NHS trusts and bodies.

But speaking at an event about the next decade of information security, Levy warned that “sometime in the next few years we’re going to have our first category one cyber-incident”. The only way to prevent such a breach, he said, was to change the way businesses and governments think about cybersecurity.

Rather than obsessing about buying the right security products, Levy argued, organisations should instead focus on managing risk: understanding the data they hold, the value it has, and how much damage it could do if it was lost, for instance.

His words at the Symantec event come against the background of a major breach at the US data broker Equifax, which lost more than 130 million Americans’ personal information in a hacking attack in May. The data stolen is extremely sensitive, including names, addresses, social security numbers and dates of birth – all the information needed to steal someone’s identity online.

A further 400,000 British residents were affected by the hack, as well as a number of Canadian residents. The information stolen about them was much less personal in nature, however, consisting only of names, dates of birth, email addresses and telephone numbers.

Striking a dour note, Levy warned that it may take the inevitable category one attack to prompt such changes, since only an attack of that scale would result in an independent investigation or government inquiry.

“Then what will really come out is that it was entirely preventable… It will turn out that the organisation that has been breached didn’t really understand what data they had, what value it had or the impact it could have outside that organisation.”

Levy’s advice to organisations who want to prevent such a catastrophic breach from affecting them is to stop putting their faith in off-the-shelf security solutions, and instead work with employees to uncover what is actually possible.

“Cybersecurity professionals have spent the last 25 years saying people are the weakest link. That’s stupid!” he said, “They cannot possibly be the weakest link – they are the people that create the value at these organisations.

“What that tells me is that the systems we’ve built, as technical systems, are not built for people. Techies build systems for techies, they don’t build technical systems for normal people.”

Guardian:

You Might Also Read: 

GCHQ Unveils Its Cybersecurity Playbook:

UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks:

 

« Facebook's Algorithm And Russian Ads
Firefighters Get AR Powered Glasses »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Tresorit

Tresorit

Tresorit helps teams to collaborate securely and easily by protecting their data with end-to-end encryption.

DMH Stallard

DMH Stallard

DMH Stallard is a mid-market law firm. Areas of expertise include cyber security and cyber crime.

IntSights

IntSights

IntSights is an intelligence driven security provider offering rapid, accurate cyberthreat intelligence and incident mitigation in real time

Crosser

Crosser

The Crosser Platform enables real-time processing of streaming or batch data for Industrial IoT, Data Transformation, Analytics, Automation and Integration.

NeuShield

NeuShield

NeuShield is the only anti-ransomware technology that can recover your damaged data from malicious software attacks without a backup.

FortifyData

FortifyData

FortifyData is the next generation of cyber risk management–a comprehensive platform that continuously evaluates your third-party, internal and people risks.

Maven Security Consulting

Maven Security Consulting

Maven Security Consulting helps companies secure their information assets and digital infrastructure by providing a wide range of customized consulting and training services.

ISTC Foundation

ISTC Foundation

ISTC Foundation is one of the leading innovation centers in Armenia, founded by joint initiative of IBM, USAID, Armenian Government and Enterprise Incubator Foundation.

TryHackMe

TryHackMe

TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs. We have content for both complete beginners and seasoned hackers.

6clicks

6clicks

6clicks is an easy way to implement your risk and compliance program or achieve compliance with ISO 27001, SOC 2, PCI-DSS, HIPAA, NIST, FedRAMP and many other standards.

WheelHouse IT

WheelHouse IT

WheelHouse IT secures, manages, and advances businesses with innovative, cost-effective IT solutions.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

Domotz

Domotz

Domotz enables IT teams to monitor and manage their networks remotely, while ensuring that the security and the operational efficiency of their organizations are properly maintained.

Convergence Networks

Convergence Networks

Convergence Networks is one of North America's leading Managed Services & Security Providers.

Piiano

Piiano

Piiano offers developer-friendly privacy and security products. Reduce risk and protect your data by using our specialized security and privacy SaaS tools.

Liberty Technology

Liberty Technology

Liberty Technology has a host of highly trained, certified experts who assist our clients with immediate remote support as well as on-site service.