Cyber attacks bolder and more aggressive than ever before, says cyber security centre

Written by Rebecca Hill on 14 March 2017 in News

The National Cyber Security Centre has said that cyber attacks have reached a “scale and boldness not seen before” – and can only be tackled by a collaborative effort between government, industry and law enforcement agencies. 

Cyber attacks are becoming more aggressive - Photo credit: Flickr, FabianOrtiz CC BY 2.0

In its 2016-17 report on cyber threats to UK businesses, the centre said it tackled 188 high-level attacks in the UK in the past three months.

It stressed that the government had a central role to play in ensuring cyber security across the UK, and that it was “committed to making the UK a secure and resilient digital nation”.

The report said: “A key aspect of this strategy is through robust engagement and an active partnership between government, industry and law enforcement to significantly enhance the levels of cyber security across UK networks.”

This includes work by government departments to promote device security, for instance on smart meters and Internet of Things-connected devices.

Related content

“Active cyber defence”: UK’s first National Cyber Security Centre chief sets out strategy
National Cyber Security Centre to publish rankings for departmental email security
Cyber Security Demystified: Your key cloud security questions answered

The document set out a new wave of cyber threats, including an increase in the use of extortion as attacks become “more aggressive and confrontational”, more large-scale attacks from IoT botnets and a growing use of mobile malware, such as malicious or fake apps and SMS phishing attacks.

However, the report said that the most impactful attacks in 2017 would be “directed at building blocks on which the Internet runs, rather than innovative technology”.

There will also be more targeted attacks on industrial connected devices, such as energy smart meters, networked security cameras and automation like connected indoor lighting.

“A stark example of this was seen in Finland in 2016, when denial of service conditions disabled residential automated heating systems in apartment blocks for more than a week,” the report said.

Organisations should also be prepared for attacks that tamper with data, rather than simply stealing or denying access to it, and for attribution of attacks to become more difficult as malware becomes more tailored to each victim.

The document says organisations must report attacks, promote awareness within teams, encourage stronger “cyber hygiene” and boost training for staff, and integrate their cyber security measures with risk management.

The NCSC has also worked with the Crown Commercial Service to add its weight to the second iteration of the procurement framework for cyber security services for public sector bodies.

The Cyber Security Services 2 framework, which went live on 13 March, offers a central route for the public sector to procure cyber services and will only list suppliers with current NCSC certification.

The CCS said this would increase “the technical and qualitative assurance attributed to the suppliers on Cyber Security Services 2”.

Suppliers can add services at any time during the life of the agreement – which is 12 months initially, with the option of extending this to 24 months – and a ‘once only’ process means they can reuse selection questionnaire responses when bidding for other public sector procurements.

The CCS has also simplified the bidding process to make it easier for these small companies to supply the government, and of the 121 suppliers listed, 71% are SMEs.

There are four lots in the framework: cyber consultancy for risk assessment, risk management, and audit and review; CHECK penetration testing – which identifies weaknesses in systems; incident response; and tailored assurance.

The launch of framework and the report coincide with national cyber security conference, CyberUK, which is being held in Liverpool this week.

Share this page


Add new comment

Related Articles

Councils have ‘limited understanding’ of digital skills needed by frontline staff
28 April 2017

Eduserv report finds that just 3% of local government HR leaders rate digital literacy of frontline staff as ‘good’ -...

Socitm Spring 2017: IT professionals association to team up with CCS
28 April 2017

G-Cloud contract term to be extended from two to four years as Socitm president says Crown Commercial Service “is really listening” to local government

Don’t abuse stats during election campaign, UK Statistics Authority chair tells party leaders
24 April 2017

David Norgrove writes to ask parties to make sure their campaign materials don’t mislead the public

Public safety ‘imperilled’ by lack of interoperable police ICT network
24 April 2017

2016 State of Policing report calls for a single decision-making mechanism for ICT to bring forces into the...

Related Sponsored Articles

Schools can win £10,000 to spend with BT following the return of the Tech Factor competition
27 April 2017

BT has launched Tech Factor 2017, a competition inviting schools to show how they would use technology to help pupils prepare for the challenges of the evolving jobs market

UK SMEs showcase projects in competition final to help millions of businesses and citizens stay safe from online crime
19 April 2017

BT, TechHub and the Cabinet Office have announced the winners of their Securing the Nation competition at an event at the iconic BT Tower

BT appoints senior executive to lead public sector business in London and the South East
5 April 2017

BT has appointed a new senior executive, Mark Sexton, to head up its public sector business in London and the South East and implement a new strategic direction to increase its local presence

BT appoints senior executive to lead Public Sector business in Scotland
27 March 2017

BT has appointed a new senior executive, David Wallace, to head up its public sector business in Scotland and implement a new strategic direction to increase local focus nationwide