Slashdot Mirror


Major Cyber-Attack Will Happen Soon, Warns UK's Security Boss (theguardian.com)

Alex Hern, writing for The Guardian: A "category one" cyber-attack, the most serious tier possible, will happen "sometime in the next few years", a director of the National Cybersecurity Centre has warned. According to the agency, which reports to GCHQ and has responsibility for ensuring the UK's information security, a category one cybersecurity incident requires a national government response. Speaking at an event about the next decade of information security, Levy warned that "sometime in the next few years we're going to have our first category one cyber-incident." The only way to prevent such a breach, he said, was to change the way businesses and governments think about cybersecurity. Rather than obsessing about buying the right security products, Levy argued, organisations should instead focus on managing risk: understanding the data they hold, the value it has, and how much damage it could do if it was lost, for instance.

4 of 66 comments

  1. MORE FUNDING! by brian.stinar · Score: 4, Insightful

    Well, it sounds like the only reasonable thing to do would be to provide the National Cybersecurity Centre with much more funding!!

    1. Re:MORE FUNDING! by Train0987 · Score: 5, Insightful

      Don't forget abolishing any privacy or encryption.

  2. Managing risk by tomhath · Score: 4, Interesting

    Rather than obsessing about buying the right security products, Levy argued, organisations should instead focus on managing risk: understanding the data they hold, the value it has, and how much damage it could do if it was lost, for instance.

    He has a good point. When an all-out attack does happen you won't be able to stop it. So before it does, make sure your backups work, make sure your restores work, put fences up to stop the spread of an attack, etc, etc.

    In other words, assume the attack will succeed. Then what will you do?

  3. They're So Good That... by ytene · Score: 4, Informative

    ... it took lone-contributor security researcher, Marcus Hutchins, to stop the WannaCry ransomware outbreak [by registering a domain name].

    Ian Levy, the Director of the UK National Cybersecurity Centre and the individual quoted in the OP, heads an agency that is so good, so capable, so on-the-ball, that it took a private individual to identify a means of neutering WannaCry.

    Never mind the fact that it would have been Levy's organisation that was responsible for preventing the NHS and other UK government agencies from being compromised in the first place...

    To give you an idea for just how misguided the man's thinking is, here's another of his quotes, from the same article:-

    “Cybersecurity professionals have spent the last 25 years saying people are the weakest link. That’s stupid!” he said, “They cannot possibly be the weakest link – they are the people that create the value at these organisations.”

    So, let's just get this right. When we have an abundance of evidence that shows that it is people, not technology, who select easily-guessed passwords, people, not technology, that click the links in phishing emails, people, not technology, that try and promote code that hasn't been properly tested, "because they know it's OK, they don't need to test..." ... Mr Levy is certain that all this evidence is wrong, and he is correct.

    I think that having Mr Levy in charge at the NCC is actually more scary than his claims of a "Major Cyber Attack Happening Soon" ...