The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

National Warning as Major Cyber Attack Detected

05 April 2017 | Updated 01 January 1970
 

Third parties who manage large organisations’ IT services have been attacked by suspected cyber terrorists the government's  National Cyber Security Centre has said as it issues a severe warning and advice on managing enterprise security.

The organisation is leading an investigation in partnership with its Cyber Incident Response partners but it was feared at one time that the terrorists could affect the stability of major organisations in a variety of ways. One feared target, was the UK's network of nuclear power stations.

The attacks were (and still are as they commenced in 2016) against global Managed Service Providers (MSPs), which are third parties who help to manage large organisations’ IT infrastructure and services. MSPs are particularly attractive to attackers because they have privileged access to other organisations’ systems and data.

Ciaran Martin, CEO of the National Cyber Security Centre (NCSC) aid: “This scale of hostile activity is significant and our intervention is aimed at giving the UK the ability to tackle this threat head-on by giving organisations the tools and information they need.

“We always encourage enterprises to discuss this threat with their MSP, even if they have no reason to believe they have been affected. This incident should remind organisations that entire supply chains need to be managed and they cannot outsource their risk.

“The response to this attack is an example of the new NCSC at work with our partners. It would not have been possible to uncover the scale and significance of this incident as quickly without our close partners in Cyber Incident Response (CIR) initiative, including PWC and BAE Systems.”

 

Advice

'Organisations who outsource IT infrastructure are recommended to have an open dialogue with their provider and to understand what model they use to manage your services. If their model is unsatisfactory, the organisation should demand that they change it immediately.

The NCSC recommends that MSPs who are unwilling to work closely with customers or are unwilling to share information should be treated with extreme caution. They also advise that having an independent audit of your MSP is critical for security management – an organisation that neglects such monitoring is unlikely to ever be able to effectively manage the risk'.

The NCSC, which is part of GCHQ, is the UK’s technical authority on cyber security and provides a single, central body for cyber security at a national level.

Picture: Major users of MSPs such as nuclear power stations and airports may be at risk from terrorists and hacktivists

 

 

Article written by Brian Shillibeer | Published 05 April 2017

Share



Related Articles

123456 - 23.2 Million Cyber Victims Used This Password

The most hacked passwords have been revealed as a UK cyber survey exposes gaps in online security with global breach analysis finding 23.2 million victims used 123456 as...

 Read Full Article
Attack On Critical National Infrastructure Imminent

Over half of the respondents to a survey have said they believe an attack on critical national infrastructure is imminent. Most respondents also think the convergence...

 Read Full Article
£17 Million Or 4% Of Turnover - Will Hacked Sodexo Face Crippling Fine?

Sodexo Engage has been hacked - seriously hacked - with the company having to advise users of one of its services to cancel their credit and debit cards as a...

 Read Full Article
From Russia With Loath - World Cyber War Happening

A joint US-UK statement has been made on malicious cyber activity carried out by the Russian government. The National Cyber Security Centre (NCSC), Federal Bureau of...

 Read Full Article
Is Cybersecurity a Home Working Health and Safety Issue?

Bureau Veritas is urging businesses who are remote working to prioritise cybersecurity as a health and safety risk. As Britain looks set to embrace a long-term shift...

 Read Full Article
24% of Planners Say Smart Cities Will be a Security Challenge 

Urban design professionals believe that the use of smart technology in public spaces could pose a security threat. Smart city technology can bring a great many...

 Read Full Article
Amey IT Security Attack Still Unresolved

A “complex IT security incident” of Amey’s systems in December 2020 remains unresolved, meaning parts of their system are still offline. As stated on...

 Read Full Article
2021 New Year's Resolutions for Employers

As we prepare to wave goodbye to a difficult 2020, what positive changes as employers can we bring to the new year?   Join the Race at Work...

 Read Full Article
Cybersecurity – Are Smart Buildings and its Data Vulnerable to Malware Attacks?

As more and more of a building’s functions are automated and controlled via smart technology systems, has cybersecurity been an afterthought? In Boris...

 Read Full Article
Health Passports – The Future of Leisure and Travel?

As a British tech firm launches its secure five in one digital health passport, might this become the solution for reviving global economies? According to a...

 Read Full Article