“When, not if”
The head of the UK’s National Cyber Security Centre, Ciaran Martin, has stated that a major cyber attack on the UK is a case of “when, not if.” Mr Martin is of the opinion that the UK has been fortunate to have so far avoided a category one (C1) cyber attack and that such an attack could impact elections or cripple infrastructure in the energy or financial sectors.
By way of comparison, the WannaCry attack, which had a significant impact on the NHS last May, is classified as a category two (C2) cyber attack. The apparent inevitability of a C1 attack, possibly as a move by a hostile state, is backed up by assertions made in September 2017 by Ian Levy, one of the National Cyber Security Centre’s directors, that a C1 cyber attack WILL happen “sometime in the next few years.”
WannaCry was eventually blamed on North Korea but there have been other examples of foreign states engaging in cyber espionage. Last week, Defence Secretary Gavin Williamson made statements suggesting that Russia could be looking to launch a cyber attack on the UK. He predicted that if Russia were to attack the UK, it would do so by targeting the UK’s critical energy infrastructure, speculating that any attack would come either by missile attack or cyber attack.
Whilst the Defence Secretary’s warning is chilling, it is worth noting that the Government is not ignoring the issue. Following Mr Martin’s interview with the Guardian newspaper, the Government has warned organisations involved in critical industry and services that they could face major fines, said to be £17m, if their cyber security preparations are not up to standard.
This comes at a time when the introduction of the General Data Protection Regulation (GDPR) is only a matter of months away. GDPR comes into force on 25 May 2018 and will carry massive fines for organisations that fail to comply.
Cyber Essentials
The first step to keeping your organisation safe from potential future cyber attacks is to be certified with the Government’s Cyber Essentials scheme.
Certification will protect your organisation from 80% of common cyber threats. It is also a mandatory requirement for organisations wishing to win business with the MOD, and can help your organisation prepare and defend itself against malicious cyber attacks, regardless of the sector you operate in.
You can learn more about Cyber Essentials by downloading our free Cyber Essentials Scheme Summary or by downloading a sample of the Self-Assessment Questionnaire you will be required to complete to become Cyber Essentials certified.