The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Saturday, 23 November

National Warning as Major Cyber Attack Detected

Third parties who manage large organisations’ IT services have been attacked by suspected cyber terrorists the government's  National Cyber Security Centre has said as it issues a severe warning and advice on managing enterprise security.

The organisation is leading an investigation in partnership with its Cyber Incident Response partners but it was feared at one time that the terrorists could affect the stability of major organisations in a variety of ways. One feared target, was the UK's network of nuclear power stations.

The attacks were (and still are as they commenced in 2016) against global Managed Service Providers (MSPs), which are third parties who help to manage large organisations’ IT infrastructure and services. MSPs are particularly attractive to attackers because they have privileged access to other organisations’ systems and data.

Ciaran Martin, CEO of the National Cyber Security Centre (NCSC) aid: “This scale of hostile activity is significant and our intervention is aimed at giving the UK the ability to tackle this threat head-on by giving organisations the tools and information they need.

“We always encourage enterprises to discuss this threat with their MSP, even if they have no reason to believe they have been affected. This incident should remind organisations that entire supply chains need to be managed and they cannot outsource their risk.

“The response to this attack is an example of the new NCSC at work with our partners. It would not have been possible to uncover the scale and significance of this incident as quickly without our close partners in Cyber Incident Response (CIR) initiative, including PWC and BAE Systems.”

 

Advice

'Organisations who outsource IT infrastructure are recommended to have an open dialogue with their provider and to understand what model they use to manage your services. If their model is unsatisfactory, the organisation should demand that they change it immediately.

The NCSC recommends that MSPs who are unwilling to work closely with customers or are unwilling to share information should be treated with extreme caution. They also advise that having an independent audit of your MSP is critical for security management – an organisation that neglects such monitoring is unlikely to ever be able to effectively manage the risk'.

The NCSC, which is part of GCHQ, is the UK’s technical authority on cyber security and provides a single, central body for cyber security at a national level.

Picture: Major users of MSPs such as nuclear power stations and airports may be at risk from terrorists and hacktivists

 

 

Article written by Brian Shillibeer

Share



Related Articles

Yahoo Cyber Breach Was Bigger

Yahoo has announced (week ending Oct 6) that it is providing notice to additional user accounts affected by an August 2013 data theft previously disclosed by the company...

 Read Full Article
FTSE 350 - General Data Protection Awareness Good

The Government will soon be introducing its new Data Protection Bill to Parliament. With this almost certain to come into effect next May, implementing the General Data...

 Read Full Article
FTSE 350 Cyber Governance Health Check

Britain’s top firms and charities urgently need to do more to protect themselves from online threats, according to new Government research and a ‘cyber health...

 Read Full Article
123456 - 23.2 Million Cyber Victims Used This Password

The most hacked passwords have been revealed as a UK cyber survey exposes gaps in online security with global breach analysis finding 23.2 million victims used 123456 as...

 Read Full Article
Attack On Critical National Infrastructure Imminent

Over half of the respondents to a survey have said they believe an attack on critical national infrastructure is imminent. Most respondents also think the convergence...

 Read Full Article
Is It Your Time For Body Worn Cameras?

Traka has launched a new downloadable paper to open a discussion on the opportunities and challenges of introducing body worn technology. The paper, entitled 'Body...

 Read Full Article
Officers of Distinction

The British Security Industry Association's Security Personnel Awards has seen Securitas staff recognised in three categories. Meanwhile, three Axis Security Officers...

 Read Full Article
£17 Million Or 4% Of Turnover - Will Hacked Sodexo Face Crippling Fine?

Sodexo Engage has been hacked - seriously hacked - with the company having to advise users of one of its services to cancel their credit and debit cards as a...

 Read Full Article
From Russia With Loath - World Cyber War Happening

A joint US-UK statement has been made on malicious cyber activity carried out by the Russian government. The National Cyber Security Centre (NCSC), Federal Bureau of...

 Read Full Article
Top 10 IT Security Predictions for 2018

As the headline implies...in fact, blatantly states, we have the top ten IT security predictions - courtesy of Ian Kilpatrick.   1. Security blossoms in the...

 Read Full Article